Difference between revisions of "Samba (正體中文)"

From ArchWiki
Jump to navigation Jump to search
(update interlanguage links)
Tag: wiki-scripts
 
(12 intermediate revisions by 7 users not shown)
Line 1: Line 1:
[[Category:Networking (简体中文)]]
+
[[Category:正體中文]]
 +
[[Category:Networking (正體中文)]]
 
[[cs:Samba]]
 
[[cs:Samba]]
 
[[da:Samba]]
 
[[da:Samba]]
Line 10: Line 11:
 
[[ru:Samba]]
 
[[ru:Samba]]
 
[[sr:Samba]]
 
[[sr:Samba]]
[[tr:Samba]]
+
[[zh-hans:Samba]]
[[zh-TW:Samba]]
+
{{Related articles start}}
{{Translateme (简体中文)|文章与英文严重脱节,翻译前请先同步英文。}}
+
{{Related|Active Directory Integration}}
{{Related articles start (简体中文)}}
+
{{Related|Samba/Active Directory domain controller}}
{{Related|Samba/Tips and tricks}}
+
{{Related|SOGo}}
{{Related|Samba/Troubleshooting}}
 
 
{{Related|NFS}}
 
{{Related|NFS}}
{{Related|Samba Domain Controller}}
 
{{Related|Active Directory Integration}}
 
 
{{Related articles end}}
 
{{Related articles end}}
'''Samba''' 是SMB/CIFS网络协议的重新实现, 它作为[[NFS (简体中文)|NFS]]的补充使得在Linux和Windows系统中进行文件共享、打印机共享更容易实现。一些用户说Samba配置简单,操作直观。然而,许多新用户会因为它的复杂性和非直观的机制而遇到问题。强烈建议新用户仔细按照下面的指导。
+
{{翻譯狀態|Samba|2015-01-22|357593}}
  
==安装==
+
'''Samba''' is a re-implementation of the [[wikipedia:Server_Message_Block|SMB/CIFS]] networking protocol, it facilitates file and printer sharing among Linux and Windows systems as an alternative to [[NFS]]. Some users say that Samba is easily configured and that operation is very straight-forward. However, many new users run into problems with its complexity and non-intuitive mechanism. It is strongly suggested that the user sticks close to the following directions.
如果只是访问文件,而不需要共享文件,仅安装''客户端''程序就足够了.
 
# pacman -S smbclient
 
  
为了可以共享文件, 安装Samba包( 这将同时安装客户端 ):
+
== Server configuration ==
# pacman -S samba
 
  
==配置==
+
To share files with Samba, [[pacman#Installing specific packages|install]] {{Pkg|samba}}, from the [[official repositories]].
===基本配置===
 
文件 {{ic|/etc/samba/smb.conf}} 必须在守护进程运行前生成。一旦被建立起来,用户就可以选择使用SWAT这种更高级的接口来配置了。
 
  
使用root账户,拷贝默认的Samba配置文件到{{ic|/etc/samba/smb.conf}}:
+
The Samba server is configured in {{ic|/etc/samba/smb.conf}}. Copy the default Samba configuration file to {{ic|/etc/samba/smb.conf}}:
 
  # cp /etc/samba/smb.conf.default /etc/samba/smb.conf
 
  # cp /etc/samba/smb.conf.default /etc/samba/smb.conf
  
打开{{ic|smb.conf}}并按照你的需要编辑它。默认为每个用户的家目录生成一个共享。同时生成一个打印机共享。
+
{{Tip|Run {{ic|testparm}} to check the validity of ''samba'' configuration file.}}
  
{{ic|man smb.conf}} 查看更多可用选项。
+
=== Creating a share ===
  
要开机自动运行samba,在 {{ic|[[rc.conf (简体中文)|rc.conf]]}} 中如下一行添加守护进程:
+
Edit {{ic|/etc/samba/smb.conf}}, scroll down to the '''Share Definitions''' section. The default configuration automatically creates a share for each user's home directory. It also creates a share for printers by default. There are a number of commented sample configurations included. More information about available options for shared resources can be found in {{man|5|smb.conf}}. [http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html Here] is the on-line version.
  
DAEMONS=(... ... samba ... ...)
+
On Windows side, be sure to change {{ic|smb.conf}} to the Windows Workgroup. (Windows default: WORKGROUP)
  
手动管理 samba:
+
=== Starting services ===
  
# rc.d {start|stop|restart} samba
+
To provide basic file sharing through SMB [[Systemd#Using units|start/enable]] {{ic|smbd.service}} and {{ic|nmbd.service}} services. See [http://www.samba.org/samba/docs/man/manpages-3/smbd.8.html smbd] and [http://www.samba.org/samba/docs/man/manpages-3/nmbd.8.html nmbd] manpages for details.
  
=== 基于命令行的选择 ===
+
{{Tip|Instead of having the service running since boot, you can enable {{ic|smbd.socket}} so the daemon is started on the first incoming connection. Don't forget to disable {{ic|smbd.service}}.}}
====增加用户====
 
要登入Samba共享,你应该增加一个用户.
 
  
Samba 3.4.0 的增加方法如下:
+
=== Creating usershare path ===
# pdbedit -a -u <user>
+
{{Note|This is an optional feature. Skip this section if you don't need it.}}
  
早期的方法:
+
"Usershare" is a feature that gives non-root users the capability to add, modify, and delete their own share definitions.
# smbpasswd -a <user>
 
  
存在smbpasswd数据,[[Samba#Changes_in_Samba_version_3.4.0|转换成新格式]]
+
This creates the usershares directory in {{ic|/var/lib/samba}}:
  
你的用户名必须是已经存在的. 如果不存在你可能得到一个错误:
+
  # mkdir -p /var/lib/samba/usershare
  Failed to modify password entry for user "<user>"
 
  
你可以用[[User Management#adduser|adduser]]增加一个新用户给Linux. This article does not cover adding users to Windows systems.
+
This makes the group sambashare:
  
{{注意|smbpasswd 不再被 [[Samba#Changes_in_Samba_version_3.4.0|Samba version 3.4.0]] 默认使用。 }}
+
# groupadd sambashare
  
=== Web-based configuration (SWAT)===
+
This changes the owner of the directory and group you just created to root:
'''SWAT''' (Samba Web Administration Tool) is a facility that is part of the Samba suite. Whether or not to use this tool remains a matter of personal preference. It does allow for quick configuration and has context-sensitive help for each {{ic|smb.conf}} parameter. SWAT also provides an interface for monitoring of current state of connection(s), and  allows network-wide MS Windows network password management.
 
  
{{Warning|Before using SWAT, be warned that SWAT will completely replace {{ic|/etc/samba/smb.conf}} with a fully optimized file that has been stripped of all comments, and only non-default settings will be written to the file.}}
+
# chown root:sambashare /var/lib/samba/usershare
  
To use SWAT, two [[systemd]] unit files come with the samba package that allow for socket activation. The SWAT service will be called automatically should a user call on the configured socket. In this case, a TCP connection on a specific port.
+
This changes the permissions of the usershares directory so that users in the group sambashare can read, write and execute files:
  
First, review the socket configuration:
+
# chmod 1770 /var/lib/samba/usershare
{{hc|/usr/lib/systemd/system/swat.socket|<nowiki>
 
[Unit]
 
Description=SWAT Samba Web Admin Tool
 
  
[Socket]
+
Set the following variables in {{ic|smb.conf}} configuration file:  
ListenStream=127.0.0.1:901
 
Accept=true
 
  
[Install]
+
{{hc|/etc/samba/smb.conf|2=
WantedBy=sockets.target
+
...
</nowiki>}}
+
[global]
 +
  usershare path = /var/lib/samba/usershare
 +
  usershare max shares = 100
 +
  usershare allow guests = yes
 +
  usershare owner only = yes
 +
  ...
 +
}}
  
{{Note|By default SWAT will only be available from the localhost, the system the SWAT service is installed on. If SWAT should be available for external connections, copy the unit to {{ic|<nowiki>/etc/systemd/system/swat.socket</nowiki>}}, and replace 127.0.0.1 with your system's LAN ip. i.e. {{ic|<nowiki>192.168.1.80:901</nowiki>}}.}}
+
Add your user to the ''sambashare'' group. Replace {{ic|''your_username''}} with the name of your user:
  
When satisfied with the configuration, start the socket:
+
  # usermod -a -G sambashare ''your_username''
  # systemctl start swat.socket
 
  
Or, should you want to enable SWAT during boot, enable:
+
Restart {{ic|smbd}} and {{ic|nmbd}} services.
# systemctl enable swat.socket
 
  
The web interface can now be accessed on port 901 by default:
+
Log out and log back in. You should now be able to configure your samba share using GUI. For example, in [[Thunar]] you can right click on any directory and share it on the network. If you want to share pathes inside your home directory you must make it listable for the group others.
{{ic|http://localhost:901/}}
 
  
{{Note|An all-encompasing [[Webmin]] tool is also available, and the SWAT module can be loaded there.}}
+
=== Adding a user ===
  
==Accessing shares==
+
Create a [[Users and groups#User management|Linux user account]] for ''samba'' userSubstitute {{ic|''samba_user''}} with preferred name if desired:
Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods  The graphical manner is limitedSome Desktop Environments have a way to facilitate accessing these shared resources.  However, most do not.  In fact, most lightweight DE's and WM's offer no native method.
 
  
There are two parts to share access. First is the underlying file system mechanism, and second is the interface which allows the user to select to mount shared resources.  Some environments have the first part built into them.
+
  # useradd ''samba_user''
  
If you are using KDE, it has the ability to browse Samba shares.  You therefore do not need any additional packages.  (However, for a GUI in the KDE System Settings you have to install the kdenetwork-filesharing package from [extra].  Another program choice is SMB4K.)  If, however, you plan to use the share in Gnome or solely from a shell, you will need an additional package.
+
Then create a ''Samba'' user account with the same name:
  
===从Gnome/Xfce4访问Samba共享===
+
  # pdbedit -a -u ''samba_user''
为了从Nautilus访问Samba共享,你必须首先安装{{pkg|gvfs-smb}}和{{pkg|gnome-vfs}}包
 
  # pacman -S gvfs-smb gnome-vfs
 
  
为了在 Xfce4 中使用 thunar 访问,只需要安装 {{pkg|gvfs-smb}}
+
=== Changing Samba user's password ===
# pacman -S gvfs-smb
 
  
在Nautilus/Thunar中, {{ic|Ctrl}}+{{ic|L}} 或者点击菜单栏的 "转到" - "位置..." -- 然后在"位置:" 栏输入:
+
To change a user's password, use {{ic|smbpasswd}}:
smb://servername/share
 
  
{{注意|如果你的服务器名称不在 {{ic|/etc/hosts}} 中,你必须使用 IP 地址访问服务器。}}
+
# smbpasswd ''samba_user''
  
你也可以使用另一个Gnome浏览程序Gnomba.
+
=== Required ports ===
  
如果在运行 iptables ,'''nf_conntrack_netbios_ns''' 模块必须被加载:
+
If running a [[firewall]], don't forget to open required [https://wiki.samba.org/index.php/Samba_port_usage Samba ports].
modprobe nf_conntrack_netbios_ns
 
  
===从其他图形环境访问共享===
+
== Client configuration ==
There are a number of useful programs, but they will need to have packages created for them.  This can be done with the Arch package build system.  The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.
 
  
LinNeighborhood is non-specific when it comes to the DE or WM. It can be seen as a simple and generic X-based LAN browser and share mounter.  Not pretty, but effective.
+
Only {{Pkg|smbclient}} is required to access files from a Samba/SMB/CIFS server. It is available from the official repositories.
  
Other possible programs include pyneighborhood and RUmba, as well as the xffm-samba plugin for Xffm.
+
Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. Depending on the [[desktop environment]], GUI methods may not be available. See also [[#File manager configuration]] for use with a file manager.
  
===从命令行访问 Samba 共享===
+
There are two parts in sharing access. The first is the underlying file system mechanism, which some environments have built in. The second is the interface which allows the user to mount shared resources.
共享可以使用自动挂载访问,或者通过[[#手动挂载共享|手动方式]]。
 
  
====自动挂载共享====
+
=== Manual mounting ===
有很多方法可以简单的访问共享.
 
  
=====smbnetfs=====
+
For a lighter approach without support  for listing public shares, only install {{Pkg|cifs-utils}} to provide {{ic|/usr/bin/mount.cifs}}.
1. 安装 {{Pkg|smbnetfs}}:
 
# pacman -S smbnetfs
 
  
2. 在 {{ic|/etc/fuse.conf}}中添加下面内容:
+
To list  public shares on a server:
user_allow_other
 
  
3. 载入{{ic|fuse}}内核模块:
+
  $ smbclient -L ''hostname'' -U%
  # modprobe fuse
 
  
4. 启动 {{ic|smbnetfs}} [[daemon]]:
+
Create a mount point for the share:
# /etc/rc.d/smbnetfs start
 
  
通过适当的配置,他就可以将所有的共享自动挂载到 {{ic|/mnt/smbnet}}下.
+
# mkdir /mnt/''mountpoint''
  
参考如下,设置{{ic|/etc/rc.conf}}文件使其在启动时访问共享:
+
Mount the share using the {{ic|mount.cifs}} type. Not all the options listed below are needed or desirable (ie. {{ic|password}}).
MODULES=(... '''fuse''' ...)
 
DAEMONS=(... '''smbnetfs''' ...)
 
  
如果你需要让别人输入用户名和密码来访问共享文件夹, 你需要编辑 {{ic|/etc/smbnetfs/.smb/smbnetfs.conf}}文件,取消"auth"前的注释:
+
{{bc|1=
 +
# mount -t cifs //''SERVER''/''sharename'' /mnt/''mountpoint'' -o user=''username'',password=''password'',workgroup=''workgroup'',ip=''serverip''
 +
}}
  
auth "WORKGROUP/username" "password"
+
''SERVER''
 +
: The Windows system name.
  
然后, 你需要改变 {{ic|/etc/smbnetfs/.smb/smbnetfs.conf}} 的权限来是smbnetfs正常工作:
+
''sharename''
 +
: The shared directory.
  
# chmod 600 /etc/smbnetfs/.smb/smbnetfs.conf
+
''mountpoint''
 +
: The local directory where the share will be mounted.
  
=====fusesmb=====
+
{{ic|<nowiki>-o [options]</nowiki>}}
{{注意|1=因为 {{ic|smbclient 3.2.X}}{{ic|fusesmb}}不兼容, 如果想使用fusesmb来访问共享,请将{{ic|smbclient 3.2.X}}恢复到旧的版本. 详见 [https://bbs.archlinux.org/viewtopic.php?id=58434 relevant forum topic]论坛主题.}}
+
: See {{man|8|mount.cifs}} for more information.
  
1. 使用[[yaourt]]从[[AUR]]安装{{AUR|fusesmb}}包:
+
{{Note|
$ yaourt -S fusesmb
+
* Abstain from using a trailing {{ic|/}}. {{ic|//''SERVER''/''sharename'''''/'''}} will not work.
 +
* If your mount does not work stable, stutters or freezes, try to enable different SMB protocol version with {{ic|1=vers=}} option. For example, {{ic|1=vers=2.0}} for Windows Vista mount.
 +
}}
  
2. 创建一个挂载点:
+
==== Add Share to /etc/fstab ====
# mkdir /mnt/fusesmb
 
  
3. 载入{{ic|fuse}}模块:
+
The simplest way to add an fstab entry is something like this:
# modprobe fuse
 
  
4. 挂载共享:
+
{{hc|/etc/fstab|2=
# fusesmb -o allow_other /mnt/fusesmb
+
//''SERVER''/''sharename'' /mnt/''mountpoint'' cifs username=''username'',password=''password'' 0 0
 +
}}
  
为了启动是自动挂载共享文件夹, 将以上命令增加到{{ic|/etc/rc.local}}文件中,并将{{ic|fuse}}模块增加到 {{ic|/etc/rc.conf}}中:
+
However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and {{ic|chmod 600 ''filename''}} so only the owning user can read and write to it. It should contain the following information:
MODULES=(... '''fuse''' ...)
 
  
=====Autofs=====
+
{{hc|/path/to/credentials/sambacreds|2=
See [[Autofs]] for information on the kernel-based automounter for Linux.
+
username=''username''
 +
password=''password''
 +
}}
  
====手动挂载共享====
+
and the line in your fstab should look something like this:
1. Use [[smbclient]] to browse shares from the shell. To list any public shares on a server:
 
$ smbclient -L <hostname> -U%
 
  
2. 为共享创建一个挂载点:
+
{{hc|/etc/fstab|2=
# mkdir /mnt/MOUNTPOINT
+
//SERVER/SHARENAME /mnt/''mountpoint'' cifs credentials=''/path/to/credentials/sambacreds'' 0 0
 +
}}
  
3. 使用 {{ic|mount.cifs}}挂载共享. 请记住并不是所有选项都需要, 比如 {{ic|password}}:
+
If using ''systemd'' (modern installations), one can utilize the {{ic|1=comment=systemd.automount}} option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing {{ic|uid}} and {{ic|gid}} options.
# mount -t cifs //''SERVER''/''SHARENAME'' ''MOUNTPOINT'' -o user=''USERNAME'',password=''PASSWORD'',workgroup=''WORKGROUP'',ip=''SERVERIP''
 
  
;{{ic|SERVER}}: Windows系统的名称
+
{{Warning|Using the {{ic|uid}} and {{ic|gid}} options may cause input ouput errors in programs that try to fetch data from network drives.}}
;{{ic|SHARENAME}}: 共享目录
 
;{{ic|MOUNTPOINT}}: 希望将共享目录挂载于其上的本地目录
 
;{{ic|-o [options]}}: 指定命令选项 {{ic|mount.cifs}}
 
:;{{ic|user}}: 挂载共享时所用用户名
 
:;{{ic|password}}: 共享目录的密码
 
:;{{ic|workgroup}}: 指定工作组名
 
:;{{ic|ip}}: 如果系统无法通过名字( DNS, WINS, hosts entry 等)搜索到 Windows 电脑,需要指定服务器的IP地址。
 
  
{{Note|Abstain from using trailing directory ('''/''') characters. Using {{ic|//SERVER/SHARENAME'''/'''}} will not work.}}
+
{{hc|/etc/fstab|2=
 +
//''SERVER''/''SHARENAME'' /mnt/''mountpoint'' cifs credentials=''/path/to/smbcredentials'',comment=systemd.automount,uid=''username'',gid=''usergroup'' 0 0
 +
}}
  
4. 可以用下面的命令卸载共享:
+
{{Note|Space in sharename should be replaced by {{ic|\040}} (ASCII code for space in octal). For example, {{ic|//''SERVER''/share name}} on the command line should be {{ic|//''SERVER''/share\040name}} in {{ic|/etc/fstab}}.}}
# umount /mnt/MOUNTPOINT
 
  
=====添加共享到 {{ic|fstab}}=====
+
==== User mounting ====
为了方便地使用共享,可以添加下面的内容到 {{ic|/etc/[[fstab]]}} :
 
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
 
  
The {{ic|noauto}} option disables mounting it automatically at boot and {{ic|noatime}} increases performance by skipping inode access times.
+
{{hc|/etc/fstab|2=
 +
//''SERVER''/''SHARENAME'' /mnt/''mountpoint'' cifs users,credentials=''/path/to/smbcredentials'',workgroup=''workgroup'',ip=''serverip'' 0 0
 +
}}
  
After adding the previous line, the syntax to mount files becomes simpler:
+
{{Note|The option is user'''s''' (plural). For other filesystem types handled by mount, this option is usually ''user''; sans the "'''s'''".}}
# mount /mnt/MOUNTPOINT
 
  
=====Allowing users to mount=====
+
This will allow users to mount it as long as the mount point resides in a directory controllable by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use [[#smbnetfs|smbnetfs]], or grant privileges using [[sudo]].
Before enabling access to the mount commands, {{ic|fstab}} needs to be modified. Add the {{ic|users}} options to the entry in {{ic|/etc/fstab}}:
 
//SERVER/SHARENAME /path/to/SHAREMOUNT cifs '''users''',noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
 
  
{{Note|The option is {{ic|user'''s'''}} (plural). For other filesystem types handled by mount, this option is usually  ''user''; sans the "'''s'''".}}
+
=== WINS host names ===
  
This will allow users to mount it aslong as the mount point resides in a directory ''controllable'' by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use [[#smbnetfs]], or grant privileges using [[sudo]].
+
The {{pkg|smbclient}} package provides a driver to resolve host names using WINS. To enable it, add “wins” to the “hosts” line in /etc/nsswitch.conf.
  
== Tips and tricks ==
+
=== Automatic mounting ===
  
=== Share files for your LAN without user and password ===
+
There are several ways to easily browse shared resources:
  
Edit {{ic|/etc/samba/smb.conf}} and add the following line:
+
==== smbnetfs ====
  
map to guest = Bad User
+
{{Note|1=smbnetfs needs an intact Samba server setup.
 +
See above on how to do that.}}
  
After this line
+
First, check if you can see all the shares you are interested in mounting:
 +
$ smbtree -U ''remote_user''
  
security = user
+
If that does not work, find and modify the following line
 +
in {{ic|/etc/samba/smb.conf}} accordingly:
  
If you want to restrict the shares data to a specific interface replace:
+
domain master = auto
  
;  interfaces = 192.168.12.2/24 192.168.13.2/24
+
Now [[systemd#Using units|restart]] {{ic|smbd.service}} and {{ic|nmbd.service}}.
  
with:
+
If everything works as expected, [[pacman#Installing specific packages|install]] {{Pkg|smbnetfs}} from the official repositories.
  
interfaces = lo eth0
+
Then, add the following line to {{ic|/etc/fuse.conf}}:
bind interfaces only = true
 
  
(changing eth0 to the local network you want share with.)
+
user_allow_other
  
If you want to edit the account that access the shares, edit the following line:
+
and load the {{ic|fuse}} [[kernel module]]:
  
  ;  guest account = nobody
+
  # modprobe fuse
 
 
The last step is to create share directory (for write access make writable = yes):
 
 
 
[Public Share]
 
path = /path/to/public/share
 
available = yes
 
browsable = yes
 
public = yes
 
writable = no
 
 
 
=== Sample configuration file ===
 
  
The configuration that worked for one user:
+
Now copy the directory {{ic|/etc/smbnetfs/.smb}} to your home directory:
[global]
 
workgroup = WORKGROUP
 
server string = Samba Server
 
netbios name = PC_NAME
 
security = share
 
; the line below is important! If you have permission issues make
 
; sure the user here is the same as the user of the folder you
 
; want to share
 
guest account = mark
 
username map = /etc/samba/smbusers
 
name resolve order = hosts wins bcast
 
wins support = no<br />
 
[public]
 
comment = Public Share
 
path = /path/to/public/share
 
available = yes
 
browsable = yes
 
public = yes
 
writable = no
 
  
=== Discovering network shares ===
+
$ cp -a /etc/smbnetfs/.smb ~
  
If nothing is known about other systems on the local network, and automated tools such as [[#smbnetfs]] are not available, the following methods allow one to manually probe for Samba shares.
+
Then create a link to {{ic|smb.conf}}:
  
1. First, install {{Pkg|nmap}} and {{Pkg|smbclient}} using [[pacman]]:
+
  $ ln -sf /etc/samba/smb.conf ~/.smb/smb.conf
  # pacman -S nmap smbclient
 
  
2. {{ic|nmap}} checks which ports are open:
+
If a username and a password are required to access some of the shared folders, edit {{ic|~/.smb/smbnetfs.auth}}
# nmap -sT 192.168.1.*
+
to include one or more entries like this:
  
In this case, a scan on the 192.168.1.* IP address range has been performed, resulting in:
+
{{hc|~/.smb/smbnetfs.auth|
{{hc
+
auth "hostname" "username" "password"
|$ nmap -sT 192.168.1.*
 
|Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-02-15 11:45 PHT
 
Interesting ports on 192.168.1.1:
 
(The 1661 ports scanned but not shown below are in state: closed)
 
PORT    STATE SERVICE
 
'''139/tcp  open  netbios-ssn'''
 
5000/tcp open  UPnP
 
 
 
Interesting ports on 192.168.1.5:
 
(The 1662 ports scanned but not shown below are in state: closed)
 
PORT    STATE SERVICE
 
6000/tcp open  X11
 
 
 
Nmap run completed -- 256 IP addresses (2 hosts up) scanned in 7.255 seconds
 
 
}}
 
}}
  
The first result is another system; the second happens to be the client from where this scan was performed.
+
It is also possible to add entries for specific hosts to be mounted by smbnetfs, if necessary.
 +
More details can be found in {{ic|~/.smb/smbnetfs.conf}}.
  
3. Now that systems with port 139 open are revealed, use {{ic|nmblookup}} to check for NetBIOS names:  
+
If you are using the Dolphin or Nautilus file managers, you may want to the following to {{ic|~/.smb/smbnetfs.conf}} to avoid "Disk full" errors as smbnetfs by default will report 0 bytes of free space:
{{hc
+
{{hc|~/.smb/smbnetfs.conf|
|$ nmblookup -A 192.168.1.1
+
free_space_size 1073741824
|Looking up status of 192.168.1.1
 
        PUTER          <00> -        B <ACTIVE>
 
        HOMENET        <00> - <GROUP> B <ACTIVE>
 
        PUTER          <03> -        B <ACTIVE>
 
        '''PUTER          <20> -        B <ACTIVE>'''
 
        HOMENET        <1e> - <GROUP> B <ACTIVE>
 
        USERNAME        <03> -        B <ACTIVE>
 
        HOMENET        <1d> -        B <ACTIVE>
 
        MSBROWSE        <01> - <GROUP> B <ACTIVE>
 
 
}}
 
}}
  
Regardless of the output, look for '''<20>''', which shows the host with open services.
+
When you are done with the configuration, you need to run
 +
$ chmod 600 ~/.smb/smbnetfs.*
 +
Otherwise, smbnetfs complains about 'insecure config file permissions'.
  
4. Use {{ic|smbclient}} to list which services are shared on ''PUTER''. If prompted for a password, pressing enter should still display the list:
+
Finally, to mount your Samba network neighbourhood to a directory of your choice, call
{{hc
+
$ smbnetfs ''mount_point''
|$ smbclient -L \\PUTER
 
|<nowiki>
 
Sharename      Type      Comment
 
---------      ----      -------
 
MY_MUSIC        Disk
 
SHAREDDOCS      Disk
 
PRINTER$        Disk
 
PRINTER        Printer
 
IPC$            IPC      Remote Inter Process Communication
 
  
Server              Comment
+
===== Daemon =====
---------            -------
 
PUTER
 
  
Workgroup            Master
+
The Arch Linux package also maintains an additional system-wide operation mode for smbnetfs. To enable it, you need to make the
---------            -------
+
said modifications in the directoy {{ic|/etc/smbnetfs/.smb}}.
HOMENET              PUTER
 
</nowiki>}}
 
  
This shows which folders are shared and can be mounted locally. See: [[#Accessing Samba shares]]
+
Then, you can start and/or enable the {{ic|smbnetfs}} [[daemon]] as usual. The system-wide mount point is at {{ic|/mnt/smbnet/}}.
  
=== Remote control of Windows computer ===
+
==== autofs ====
  
Samba offers a set of tools for communication with Windows. These can be handy in case you can't access a Windows computer through remote desktop, as shown by some examples.
+
See [[Autofs]] for information on the kernel-based automounter for Linux.
 
 
Send shutdown command with a comment:
 
 
$ net rpc shutdown -C "comment" -I IPADDRESS -U USERNAME%PASSWORD
 
If you prefer a forced shutdown instead change -C with comment to a single -f. For a restart you only add -r, followed by a -C or -f.
 
 
 
Stop and start services:
 
 
$ net rpc service stop SERVICENAME -I IPADDRESS -U USERNAME%PASSWORD
 
 
 
To see all possible net rpc command:
 
 
 
$ net rpc
 
 
 
== Troubleshooting ==
 
=== Trouble accessing a password-protected share from Windows ===
 
 
 
If you are having trouble accessing a password protected share from Windows, try adding this to {{ic|/etc/samba/smb.conf}}:[http://blogs.computerworld.com/networking_nightmare_ii_adding_linux]
 
 
 
Note that you have to add this to your '''local''' smb.conf, not to the server's smb.conf
 
 
 
[global]
 
# lanman fix
 
client lanman auth = yes
 
client ntlmv2 auth = no
 
 
 
=== Getting a dialog box up takes a long time ===
 
 
 
I had a problem that it took ~30 seconds to get a password dialog box up when trying to connect from both Windows XP/Windows 7. Analyzing the error.log on the server I saw:
 
 
 
[2009/11/11 06:20:12,  0] printing/print_cups.c:cups_connect(103)
 
Unable to connect to CUPS server localhost:631 - Interrupted system call
 
 
 
I don't have any printer connected to this server, so I added this to the global section:
 
 
 
load printers = no
 
printing = bsd
 
disable spoolss = yes
 
printcap name = /dev/null
 
 
Not sure if all of them are necessary, but at least it works now.
 
 
 
=== Changes in Samba version 3.4.0 ===
 
  
[http://www.samba.org/samba/history/samba-3.4.0.html Major enhancements in Samba 3.4.0] include:
+
=== File manager configuration ===
  
The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration!
+
==== GNOME Files, Nemo, Thunar and PCManFM ====
  
If you would like to stick to the 'smbpasswd' backend try changing this in {{ic|/etc/samba/smb.conf}}:
+
In order to access samba shares through GNOME Files, Nemo, Thunar or PCManFM, install the {{Pkg|gvfs-smb}} package, available in the [[official repositories]].
  
passdb backend = smbpasswd
+
Press {{ic|Ctrl+l}} and enter {{ic|smb://''servername''/''share''}} in the location bar to access your share.
  
or convert your smbpasswd entries using:
+
The mounted share is likely to be present at {{ic|/run/user/''your_UID''/gvfs}} in the filesystem.
  
sudo pdbedit -i smbpasswd -e tdbsam
+
==== KDE ====
  
=== Error: Value too large for defined data type ===
+
KDE, has the ability to browse Samba shares built in. Therefore do not need any additional packages. However, for a GUI in the KDE System Settings, install the {{Pkg|kdenetwork-filesharing}} package from the official repositories.
  
With some applications you could get this error whith every attempt to open a file mounted in smbfs/cifs:
+
If when navigating with Dolphin you get a "Time Out" Error, you should uncomment and edit this line in smb.conf:{{bc|1=name resolve order = lmhosts bcast host wins}}
 +
as shown in this [http://ubuntuforums.org/showthread.php?t=1605499 page].
  
  Value too large for defined data type
+
==== Other graphical environments ====
  
The solution[https://bugs.launchpad.net/ubuntu/+bug/479266/comments/5] is to add this options to your smbfs/cifs mount options (in /etc/fstab for example):
+
There are a number of useful programs, but they may need to have packages created for them. This can be done with the Arch package build system. The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.
  
  ,nounix,noserverino
+
* {{Pkg|pyneighborhood}} is available in the official repositories.
 +
* LinNeighborhood, RUmba, xffm-samba plugin for Xffm are not available in the official repositories or the AUR. As they are not officially (or even unofficially supported), they may be obsolete and may not work at all.
  
''It works on Arch Linux up-to-date (2009-12-02)''
+
== See also ==
  
== Resources ==
+
* [http://www.samba.org/samba/docs/SambaIntro.html Samba: An Introduction]
*[http://www.samba.org/ Samba's official site]
+
* [http://www.samba.org/ Official Samba site]
*[http://www.samba.org/samba/docs/SambaIntro.html Samba: An Introduction]
 

Latest revision as of 22:17, 13 December 2017

翻譯狀態: 本文章是 Samba 的翻譯版本。最近一次的翻譯時間:2015-01-22。點擊本連結查看英文頁面之後的變更。

Samba is a re-implementation of the SMB/CIFS networking protocol, it facilitates file and printer sharing among Linux and Windows systems as an alternative to NFS. Some users say that Samba is easily configured and that operation is very straight-forward. However, many new users run into problems with its complexity and non-intuitive mechanism. It is strongly suggested that the user sticks close to the following directions.

Server configuration

To share files with Samba, install samba, from the official repositories.

The Samba server is configured in /etc/samba/smb.conf. Copy the default Samba configuration file to /etc/samba/smb.conf:

# cp /etc/samba/smb.conf.default /etc/samba/smb.conf
Tip: Run testparm to check the validity of samba configuration file.

Creating a share

Edit /etc/samba/smb.conf, scroll down to the Share Definitions section. The default configuration automatically creates a share for each user's home directory. It also creates a share for printers by default. There are a number of commented sample configurations included. More information about available options for shared resources can be found in smb.conf(5). Here is the on-line version.

On Windows side, be sure to change smb.conf to the Windows Workgroup. (Windows default: WORKGROUP)

Starting services

To provide basic file sharing through SMB start/enable smbd.service and nmbd.service services. See smbd and nmbd manpages for details.

Tip: Instead of having the service running since boot, you can enable smbd.socket so the daemon is started on the first incoming connection. Don't forget to disable smbd.service.

Creating usershare path

Note: This is an optional feature. Skip this section if you don't need it.

"Usershare" is a feature that gives non-root users the capability to add, modify, and delete their own share definitions.

This creates the usershares directory in /var/lib/samba:

# mkdir -p /var/lib/samba/usershare

This makes the group sambashare:

# groupadd sambashare

This changes the owner of the directory and group you just created to root:

# chown root:sambashare /var/lib/samba/usershare

This changes the permissions of the usershares directory so that users in the group sambashare can read, write and execute files:

# chmod 1770 /var/lib/samba/usershare

Set the following variables in smb.conf configuration file:

/etc/samba/smb.conf
...
[global]
  usershare path = /var/lib/samba/usershare
  usershare max shares = 100
  usershare allow guests = yes
  usershare owner only = yes
  ...

Add your user to the sambashare group. Replace your_username with the name of your user:

# usermod -a -G sambashare your_username

Restart smbd and nmbd services.

Log out and log back in. You should now be able to configure your samba share using GUI. For example, in Thunar you can right click on any directory and share it on the network. If you want to share pathes inside your home directory you must make it listable for the group others.

Adding a user

Create a Linux user account for samba user. Substitute samba_user with preferred name if desired:

# useradd samba_user

Then create a Samba user account with the same name:

# pdbedit -a -u samba_user

Changing Samba user's password

To change a user's password, use smbpasswd:

# smbpasswd samba_user

Required ports

If running a firewall, don't forget to open required Samba ports.

Client configuration

Only smbclient is required to access files from a Samba/SMB/CIFS server. It is available from the official repositories.

Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. Depending on the desktop environment, GUI methods may not be available. See also #File manager configuration for use with a file manager.

There are two parts in sharing access. The first is the underlying file system mechanism, which some environments have built in. The second is the interface which allows the user to mount shared resources.

Manual mounting

For a lighter approach without support for listing public shares, only install cifs-utils to provide /usr/bin/mount.cifs.

To list public shares on a server:

$ smbclient -L hostname -U%

Create a mount point for the share:

# mkdir /mnt/mountpoint

Mount the share using the mount.cifs type. Not all the options listed below are needed or desirable (ie. password).

# mount -t cifs //SERVER/sharename /mnt/mountpoint -o user=username,password=password,workgroup=workgroup,ip=serverip

SERVER

The Windows system name.

sharename

The shared directory.

mountpoint

The local directory where the share will be mounted.

-o [options]

See mount.cifs(8) for more information.
Note:
  • Abstain from using a trailing /. //SERVER/sharename/ will not work.
  • If your mount does not work stable, stutters or freezes, try to enable different SMB protocol version with vers= option. For example, vers=2.0 for Windows Vista mount.

Add Share to /etc/fstab

The simplest way to add an fstab entry is something like this:

/etc/fstab
//SERVER/sharename /mnt/mountpoint cifs username=username,password=password 0 0

However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and chmod 600 filename so only the owning user can read and write to it. It should contain the following information:

/path/to/credentials/sambacreds
username=username
password=password

and the line in your fstab should look something like this:

/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs credentials=/path/to/credentials/sambacreds 0 0

If using systemd (modern installations), one can utilize the comment=systemd.automount option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing uid and gid options.

Warning: Using the uid and gid options may cause input ouput errors in programs that try to fetch data from network drives.
/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs credentials=/path/to/smbcredentials,comment=systemd.automount,uid=username,gid=usergroup 0 0
Note: Space in sharename should be replaced by \040 (ASCII code for space in octal). For example, //SERVER/share name on the command line should be //SERVER/share\040name in /etc/fstab.

User mounting

/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs users,credentials=/path/to/smbcredentials,workgroup=workgroup,ip=serverip 0 0
Note: The option is users (plural). For other filesystem types handled by mount, this option is usually user; sans the "s".

This will allow users to mount it as long as the mount point resides in a directory controllable by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use smbnetfs, or grant privileges using sudo.

WINS host names

The smbclient package provides a driver to resolve host names using WINS. To enable it, add “wins” to the “hosts” line in /etc/nsswitch.conf.

Automatic mounting

There are several ways to easily browse shared resources:

smbnetfs

Note: smbnetfs needs an intact Samba server setup. See above on how to do that.

First, check if you can see all the shares you are interested in mounting:

$ smbtree -U remote_user

If that does not work, find and modify the following line in /etc/samba/smb.conf accordingly:

domain master = auto

Now restart smbd.service and nmbd.service.

If everything works as expected, install smbnetfs from the official repositories.

Then, add the following line to /etc/fuse.conf:

user_allow_other

and load the fuse kernel module:

# modprobe fuse

Now copy the directory /etc/smbnetfs/.smb to your home directory:

$ cp -a /etc/smbnetfs/.smb ~

Then create a link to smb.conf:

$ ln -sf /etc/samba/smb.conf ~/.smb/smb.conf

If a username and a password are required to access some of the shared folders, edit ~/.smb/smbnetfs.auth to include one or more entries like this:

~/.smb/smbnetfs.auth
auth			"hostname" "username" "password"

It is also possible to add entries for specific hosts to be mounted by smbnetfs, if necessary. More details can be found in ~/.smb/smbnetfs.conf.

If you are using the Dolphin or Nautilus file managers, you may want to the following to ~/.smb/smbnetfs.conf to avoid "Disk full" errors as smbnetfs by default will report 0 bytes of free space:

~/.smb/smbnetfs.conf
free_space_size 1073741824

When you are done with the configuration, you need to run

$ chmod 600 ~/.smb/smbnetfs.*

Otherwise, smbnetfs complains about 'insecure config file permissions'.

Finally, to mount your Samba network neighbourhood to a directory of your choice, call

$ smbnetfs mount_point
Daemon

The Arch Linux package also maintains an additional system-wide operation mode for smbnetfs. To enable it, you need to make the said modifications in the directoy /etc/smbnetfs/.smb.

Then, you can start and/or enable the smbnetfs daemon as usual. The system-wide mount point is at /mnt/smbnet/.

autofs

See Autofs for information on the kernel-based automounter for Linux.

File manager configuration

GNOME Files, Nemo, Thunar and PCManFM

In order to access samba shares through GNOME Files, Nemo, Thunar or PCManFM, install the gvfs-smb package, available in the official repositories.

Press Ctrl+l and enter smb://servername/share in the location bar to access your share.

The mounted share is likely to be present at /run/user/your_UID/gvfs in the filesystem.

KDE

KDE, has the ability to browse Samba shares built in. Therefore do not need any additional packages. However, for a GUI in the KDE System Settings, install the kdenetwork-filesharing package from the official repositories.

If when navigating with Dolphin you get a "Time Out" Error, you should uncomment and edit this line in smb.conf:

name resolve order = lmhosts bcast host wins

as shown in this page.

Other graphical environments

There are a number of useful programs, but they may need to have packages created for them. This can be done with the Arch package build system. The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.

  • pyneighborhood is available in the official repositories.
  • LinNeighborhood, RUmba, xffm-samba plugin for Xffm are not available in the official repositories or the AUR. As they are not officially (or even unofficially supported), they may be obsolete and may not work at all.

See also