Difference between revisions of "Samba (正體中文)"

From ArchWiki
{{Translateme (简体中文)|This article is badly out of sync with the English version; synchronize it with the English article before translating.}}
{{Related articles start (简体中文)}}
{{Related|Samba/Tips and tricks}}
{{Related|Samba Domain Controller}}
{{Related|Active Directory Integration}}
{{Related articles end}}
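'''Samba''' is a re-implementation of the SMB/CIFS networking protocol. As a complement to [[NFS (简体中文)|NFS]], it makes file and printer sharing between Linux and Windows systems easier. Some users say that Samba is simple to configure and intuitive to operate. However, many new users run into problems because of its complexity and non-intuitive mechanisms. New users are strongly advised to follow the instructions below carefully.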
# pacman -S smbclient
To share files, install the Samba package (this also installs the client):
# pacman -S samba
The file {{ic|/etc/samba/smb.conf}} must be created before the daemon is started. Once it exists, users may choose to configure Samba through SWAT, a more advanced interface.
# cp /etc/samba/smb.conf.default /etc/samba/smb.conf
See {{ic|man smb.conf}} for more available options.
To start samba automatically at boot, add the daemon to the following line in {{ic|[[rc.conf (简体中文)|rc.conf]]}}:
DAEMONS=(... ... samba ... ...)
To manage samba manually:
# rc.d {start|stop|restart} samba
=== Command-line based option ===
In Samba 3.4.0, users are added as follows:
# pdbedit -a -u <user>
# smbpasswd -a <user>
The user name must already exist. If it does not, you may get an error:
Failed to modify password entry for user "<user>"
You can add a new Linux user with [[User Management#adduser|adduser]]. This article does not cover adding users to Windows systems.
{{Note|smbpasswd is no longer used by default as of [[Samba#Changes_in_Samba_version_3.4.0|Samba version 3.4.0]].}}
=== Web-based configuration (SWAT)===
'''SWAT''' (Samba Web Administration Tool) is a facility that is part of the Samba suite. Whether or not to use this tool remains a matter of personal preference. It does allow for quick configuration and has context-sensitive help for each {{ic|smb.conf}} parameter. SWAT also provides an interface for monitoring the current state of connections, and allows network-wide MS Windows network password management.
{{Warning|Before using SWAT, be warned that SWAT will completely replace {{ic|/etc/samba/smb.conf}} with a fully optimized file that has been stripped of all comments, and only non-default settings will be written to the file.}}
To use SWAT, two [[systemd]] unit files come with the samba package that allow for socket activation. The SWAT service will be called automatically should a user call on the configured socket, in this case a TCP connection on a specific port.
First, review the socket configuration:
Description=SWAT Samba Web Admin Tool
{{Note|By default SWAT will only be available from the localhost, the system the SWAT service is installed on. If SWAT should be available for external connections, copy the unit to {{ic|<nowiki>/etc/systemd/system/swat.socket</nowiki>}}, and replace with your system's LAN ip. i.e. {{ic|<nowiki></nowiki>}}.}}
When satisfied with the configuration, start the socket:
# systemctl start swat.socket
Or, should you want to enable SWAT during boot, enable:
# systemctl enable swat.socket
The web interface can now be accessed on port 901 by default:
{{Note|An all-encompassing [[Webmin]] tool is also available, and the SWAT module can be loaded there.}}
==Accessing shares==
Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. The graphical manner is limited. Some desktop environments have a way to facilitate accessing these shared resources. However, most do not. In fact, most lightweight DEs and WMs offer no native method.
There are two parts to share access.  First is the underlying file system mechanism, and second is the interface which allows the user to select to mount shared resources.  Some environments have the first part built into them.
If you are using KDE, it has the ability to browse Samba shares.  You therefore do not need any additional packages.  (However, for a GUI in the KDE System Settings you have to install the kdenetwork-filesharing package from [extra].  Another program choice is SMB4K.)  If, however, you plan to use the share in Gnome or solely from a shell, you will need an additional package.
# pacman -S gvfs-smb gnome-vfs
To access shares with thunar in Xfce4, only {{pkg|gvfs-smb}} needs to be installed:
# pacman -S gvfs-smb
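In Nautilus/Thunar, press {{ic|Ctrl}}+{{ic|L}} or choose "Go" - "Location..." from the menu bar, then enter the following in the "Location:" field:
{{Note|If your server name is not in {{ic|/etc/hosts}}, you must use the IP address to access the server.}}
If iptables is running, the '''nf_conntrack_netbios_ns''' module must be loaded: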
modprobe nf_conntrack_netbios_ns
There are a number of useful programs, but they will need to have packages created for them.  This can be done with the Arch package build system.  The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.
LinNeighborhood is non-specific when it comes to the DE or WM.  It can be seen as a simple and generic X-based LAN browser and share mounter.  Not pretty, but effective.
Other possible programs include pyneighborhood and RUmba, as well as the xffm-samba plugin for Xffm.
===Accessing Samba shares from the command line===
1. Install {{Pkg|smbnetfs}}:
# pacman -S smbnetfs
2. Add the following to {{ic|/etc/fuse.conf}}:
3. Load the {{ic|fuse}} kernel module:
# modprobe fuse
4. Start the {{ic|smbnetfs}} [[daemon]]:
# /etc/rc.d/smbnetfs start
With appropriate configuration, it can automatically mount all shares under {{ic|/mnt/smbnet}}.
MODULES=(... '''fuse''' ...)
DAEMONS=(... '''smbnetfs''' ...)
If a user name and password must be entered to access the shared folders, edit {{ic|/etc/smbnetfs/.smb/smbnetfs.conf}} and uncomment the "auth" line:
auth "WORKGROUP/username" "password"
Then change the permissions of {{ic|/etc/smbnetfs/.smb/smbnetfs.conf}} so that smbnetfs works properly:
# chmod 600 /etc/smbnetfs/.smb/smbnetfs.conf
{{Note|1=Because {{ic|smbclient 3.2.X}} is incompatible with {{ic|fusesmb}}, revert {{ic|smbclient 3.2.X}} to an older version if you want to use fusesmb to access shares. See the [https://bbs.archlinux.org/viewtopic.php?id=58434 relevant forum topic] for details.}}
1. Install the {{AUR|fusesmb}} package from the [[AUR]] using [[yaourt]]:
$ yaourt -S fusesmb
2. Create a mount point:
# mkdir /mnt/fusesmb
3. Load the {{ic|fuse}} module:
# modprobe fuse
4. Mount the shares:
# fusesmb -o allow_other /mnt/fusesmb
To mount the shared folders automatically at boot, add the command above to {{ic|/etc/rc.local}} and add the {{ic|fuse}} module to {{ic|/etc/rc.conf}}:
MODULES=(... '''fuse''' ...)
See [[Autofs]] for information on the kernel-based automounter for Linux.
1. Use [[smbclient]] to browse shares from the shell. To list any public shares on a server:
$ smbclient -L <hostname> -U%
2. Create a mount point for the share:
# mkdir /mnt/MOUNTPOINT
3. Mount the share using {{ic|mount.cifs}}. Keep in mind that not all options are needed, for example {{ic|password}}:
# mount -t cifs //''SERVER''/''SHARENAME'' ''MOUNTPOINT'' -o user=''USERNAME'',password=''PASSWORD'',workgroup=''WORKGROUP'',ip=''SERVERIP''
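;{{ic|SERVER}}: The name of the Windows system
;{{ic|SHARENAME}}: The shared directory
;{{ic|MOUNTPOINT}}: The local directory on which the share is to be mounted
;{{ic|-o [options]}}: Specifies options for {{ic|mount.cifs}}
:;{{ic|user}}: The user name used to mount the share
:;{{ic|password}}: The password for the share
:;{{ic|workgroup}}: Specifies the workgroup name
:;{{ic|ip}}: The IP address of the server; needed if the system cannot find the Windows computer by name (DNS, WINS, hosts entry, etc.).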
{{Note|Abstain from using trailing directory ('''/''') characters. Using {{ic|//SERVER/SHARENAME'''/'''}} will not work.}}
4. The share can be unmounted with the following command:
# umount /mnt/MOUNTPOINT
=====Adding the share to {{ic|fstab}}=====
To make the share convenient to use, add the following to {{ic|/etc/[[fstab]]}}:
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
The {{ic|noauto}} option disables mounting it automatically at boot and {{ic|noatime}} increases performance by skipping inode access times.
After adding the previous line, the syntax to mount files becomes simpler:
# mount /mnt/MOUNTPOINT
=====Allowing users to mount=====
Before enabling access to the mount commands, {{ic|fstab}} needs to be modified. Add the {{ic|users}} option to the entry in {{ic|/etc/fstab}}:
//SERVER/SHARENAME /path/to/SHAREMOUNT cifs '''users''',noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
{{Note|The option is {{ic|user'''s'''}} (plural). For other filesystem types handled by mount, this option is usually ''user''; sans the "'''s'''".}}
This will allow users to mount it as long as the mount point resides in a directory ''controllable'' by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use [[#smbnetfs]], or grant privileges using [[sudo]].
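The {{ic|fstab}} entries above store the share password inline, and {{ic|/etc/fstab}} is normally readable by every local user. The following shell functions are an added example, not part of the original article: they list cifs entries that embed a password and rewrite an entry to use the {{ic|1=credentials=}} option of {{ic|mount.cifs}} instead. The function names and the path {{ic|/etc/samba/credentials/share}} are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# List "SHARE MOUNTPOINT" for each cifs entry in an fstab file ($1, default
# /etc/fstab) whose options embed the password.
find_inline_cifs_passwords() {
    awk '
        /^[ \t]*#/ || NF < 4 || $3 != "cifs" { next }
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^pass(word)?=/) { print $1, $2; next }
        }' "${1:-/etc/fstab}"
}

# Rewrite one fstab line ($1): drop the user and password options and point
# mount.cifs at a credentials file ($2) instead. That file holds
# "username=..." and "password=..." lines and should be mode 600, owned by root.
use_credentials_file() {
    printf '%s\n' "$1" | awk -v cred="$2" '
        {
            n = split($4, opt, ","); out = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(user(name)?|pass(word)?)=/) continue
                out = out (out == "" ? "" : ",") opt[i]
            }
            $4 = out (out == "" ? "" : ",") "credentials=" cred
            print
        }'
}

# Constructed sample input: the two entries from this article plus a local disk.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <file system> <dir> <type> <options> <dump> <pass>
/dev/sda1 / ext4 defaults 0 1
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
//SERVER/SHARENAME /path/to/SHAREMOUNT cifs users,noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
EOF

find_inline_cifs_passwords "$sample"
# /etc/samba/credentials/share is an assumed path for the credentials file.
grep -F ' cifs ' "$sample" | while IFS= read -r line; do
    use_credentials_file "$line" /etc/samba/credentials/share
done
rm -f "$sample"
```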
== Tips and tricks ==
=== Share files for your LAN without user and password ===
Edit {{ic|/etc/samba/smb.conf}} and add the following line:
map to guest = Bad User
After this line
security = user
If you want to restrict the shares data to a specific interface, replace:
;  interfaces =
with:
interfaces = lo eth0
bind interfaces only = true
(changing eth0 to the interface of the local network you want to share with.)
If you want to edit the account that accesses the shares, edit the following line:
;  guest account = nobody
The last step is to create the share directory (for write access, set writable = yes):
[Public Share]
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no
=== Sample configuration file ===
The configuration that worked for one user:
workgroup = WORKGROUP
server string = Samba Server
netbios name = PC_NAME
security = share
; the line below is important! If you have permission issues make
; sure the user here is the same as the user of the folder you
; want to share
guest account = mark
username map = /etc/samba/smbusers
name resolve order = hosts wins bcast
wins support = no
comment = Public Share
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no
=== Discovering network shares ===
If nothing is known about other systems on the local network, and automated tools such as [[#smbnetfs]] are not available, the following methods allow one to manually probe for Samba shares.
1. First, install {{Pkg|nmap}} and {{Pkg|smbclient}} using [[pacman]]:
# pacman -S nmap smbclient
2. {{ic|nmap}} checks which ports are open:
# nmap -sT 192.168.1.*
In this case, a scan on the 192.168.1.* IP address range has been performed, resulting in:
$ nmap -sT 192.168.1.*
Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-02-15 11:45 PHT
Interesting ports on
(The 1661 ports scanned but not shown below are in state: closed)
'''139/tcp  open  netbios-ssn'''
5000/tcp open  UPnP
Interesting ports on
(The 1662 ports scanned but not shown below are in state: closed)
6000/tcp open  X11
Nmap run completed -- 256 IP addresses (2 hosts up) scanned in 7.255 seconds
The first result is another system; the second happens to be the client from where this scan was performed.
3. Now that systems with port 139 open are revealed, use {{ic|nmblookup}} to check for NetBIOS names:
$ nmblookup -A
Looking up status of
        PUTER          <00> -        B <ACTIVE>
        HOMENET        <00> - <GROUP> B <ACTIVE>
        PUTER          <03> -        B <ACTIVE>
        '''PUTER          <20> -        B <ACTIVE>'''
        HOMENET        <1e> - <GROUP> B <ACTIVE>
        USERNAME        <03> -        B <ACTIVE>
        HOMENET        <1d> -        B <ACTIVE>
        MSBROWSE        <01> - <GROUP> B <ACTIVE>
Regardless of the output, look for '''<20>''', which shows the host with open services.
4. Use {{ic|smbclient}} to list which services are shared on ''PUTER''. If prompted for a password, pressing enter should still display the list:
$ smbclient -L \\PUTER
Sharename      Type      Comment
---------      ----      -------
MY_MUSIC        Disk
PRINTER$        Disk
PRINTER        Printer
IPC$            IPC      Remote Inter Process Communication
Server              Comment
---------            -------
Workgroup            Master
---------            -------
HOMENET              PUTER
This shows which folders are shared and can be mounted locally. See: [[#Accessing Samba shares]]
=== Remote control of Windows computer ===
Samba offers a set of tools for communication with Windows. These can be handy in case you can't access a Windows computer through remote desktop, as shown by some examples.
Send shutdown command with a comment:
$ net rpc shutdown -C "comment" -I IPADDRESS -U USERNAME%PASSWORD
If you prefer a forced shutdown instead, replace -C and its comment with a single -f. For a restart, add -r, followed by -C or -f.
Stop and start services:
To see all possible net rpc commands:
$ net rpc
== Troubleshooting ==
=== Trouble accessing a password-protected share from Windows ===
If you are having trouble accessing a password protected share from Windows, try adding this to {{ic|/etc/samba/smb.conf}}:[http://blogs.computerworld.com/networking_nightmare_ii_adding_linux]
Note that you have to add this to your '''local''' smb.conf, not to the server's smb.conf.
# lanman fix
client lanman auth = yes
client ntlmv2 auth = no
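An added example, not part of the original article: a shell audit for the settings shown on this page that relax authentication or allow guest access ({{ic|1=security = share}}, {{ic|map to guest}}, the {{ic|client lanman auth}} / {{ic|client ntlmv2 auth}} pair above, and guest shares with {{ic|1=writable = yes}}). The function name {{ic|audit_smb_conf}} and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; audit_smb_conf is a
# hypothetical helper. It prints "SECTION: finding" for each relaxed setting.
audit_smb_conf() {
    awk '
        function flag(msg) { printf "%s: %s\n", sect, msg }
        function close_section() {
            if (guest && rw) flag("guest access to a writable share")
            guest = rw = 0
        }
        BEGIN { sect = "(no section)" }
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }           # comments, blank lines
        /^[ \t]*\[/ {                                   # [section] header
            close_section()
            sect = $0; gsub(/^[ \t]*\[|\].*$/, "", sect); next
        }
        {
            eq = index($0, "="); if (!eq) next
            # Parameter names ignore case and whitespace.
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            on = (val == "yes" || val == "true" || val == "1")
            if (key == "security" && val == "share") flag("share-level security")
            if (key == "maptoguest" && val != "never") flag("map to guest = " val)
            if (key == "clientlanmanauth" && on) flag("LANMAN client auth enabled")
            if (key == "clientntlmv2auth" && !on) flag("NTLMv2 client auth disabled")
            if (key == "public" || key == "guestok") guest = on
            if (key == "writable" || key == "writeable" || key == "writeok") rw = on
            if (key == "readonly") rw = !on
        }
        END { close_section() }' "$1"
}

# Constructed sample combining the settings shown in this article.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
security = user
map to guest = Bad User
# lanman fix
client lanman auth = yes
client ntlmv2 auth = no
[Public Share]
path = /path/to/public/share
public = yes
writable = yes
EOF
audit_smb_conf "$conf"
rm -f "$conf"
```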
=== Getting a dialog box up takes a long time ===
I had a problem that it took ~30 seconds to get a password dialog box up when trying to connect from both Windows XP/Windows 7. Analyzing the error.log on the server I saw:
[2009/11/11 06:20:12,  0] printing/print_cups.c:cups_connect(103)
Unable to connect to CUPS server localhost:631 - Interrupted system call
I don't have any printer connected to this server, so I added this to the global section:
load printers = no
printing = bsd
disable spoolss = yes
printcap name = /dev/null
Not sure if all of them are necessary, but at least it works now.
=== Changes in Samba version 3.4.0 ===
[http://www.samba.org/samba/history/samba-3.4.0.html Major enhancements in Samba 3.4.0] include:
The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration!
If you would like to stick to the 'smbpasswd' backend try changing this in {{ic|/etc/samba/smb.conf}}:
passdb backend = smbpasswd
or convert your smbpasswd entries using:
sudo pdbedit -i smbpasswd -e tdbsam
=== Error: Value too large for defined data type ===
With some applications you could get this error with every attempt to open a file mounted in smbfs/cifs:
  Value too large for defined data type
The solution[https://bugs.launchpad.net/ubuntu/+bug/479266/comments/5] is to add these options to your smbfs/cifs mount options (in /etc/fstab for example):
''It works on Arch Linux up-to-date (2009-12-02)''
== Resources ==
*[http://www.samba.org/ Samba's official site]
*[http://www.samba.org/samba/docs/SambaIntro.html Samba: An Introduction]

Revision as of 13:32, 8 October 2014