Difference between revisions of "Samba (简体中文)"

From ArchWiki
(Page removed.)
Line 111: Line 111:
 
  # pacman -S gvfs-smb
 
  # pacman -S gvfs-smb
  
在Nautilus/Thunar中, 按 {{Keypress|Ctrl}}+{{Keypress|L}} 或者点击菜单栏的 "转到" - "位置..." -- 然后在"位置:" 栏输入:
+
在Nautilus/Thunar中, 按 {{ic|Ctrl}}+{{ic|L}} 或者点击菜单栏的 "转到" - "位置..." -- 然后在"位置:" 栏输入:
 
  smb://servername/share
 
  smb://servername/share
  

Revision as of 10:34, 1 September 2013

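This page needs its translation updated; the content may be out of sync with the English version. To contribute translations, visit the Simplified Chinese translation team.

Note: This article is badly out of sync with the English version; synchronize it with the English page before translating.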

Samba is a re-implementation of the SMB/CIFS networking protocol. It complements NFS and makes file and printer sharing between Linux and Windows systems easier. Some users say Samba is simple to configure and intuitive to operate. However, many new users run into problems because of its complexity and non-intuitive mechanisms. New users are strongly advised to follow the instructions below carefully.

Installation

If you only need to access files and not share them, installing the client program is enough:

# pacman -S smbclient

To share files, install the samba package (this also installs the client):

# pacman -S samba

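Configuration

Basic configuration

The file /etc/samba/smb.conf must be created before the daemon is started. Once it exists, users can choose to configure Samba through SWAT, a higher-level interface.

As root, copy the default Samba configuration file to /etc/samba/smb.conf: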

# cp /etc/samba/smb.conf.default /etc/samba/smb.conf

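Open smb.conf and edit it to suit your needs. The default configuration creates a share for each user's home directory, and also creates a printer share.

See man smb.conf for more available options.

To start samba automatically at boot, add the daemon to the following line in rc.conf: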

DAEMONS=(... ... samba ... ...)

To manage samba manually:

# rc.d {start|stop|restart} samba

Command-line based options

Adding users

To log in to a Samba share, you need to add a user.

With Samba 3.4.0, add one as follows:

# pdbedit -a -u <user>

The older method:

# smbpasswd -a <user>

If smbpasswd data already exists, convert it to the new format.

The user name must already exist. If it does not, you may get an error:

Failed to modify password entry for user "<user>"

You can add a new user to the Linux system with adduser. This article does not cover adding users to Windows systems.

Note: smbpasswd is no longer used by default as of Samba version 3.4.0.

Web-based configuration (SWAT)

SWAT (Samba Web Administration Tool) is a facility that is part of the Samba suite. Whether or not to use this tool remains a matter of personal preference. It does allow for quick configuration and has context-sensitive help for each smb.conf parameter. SWAT also provides an interface for monitoring of current state of connection(s), and allows network-wide MS Windows network password management.

Warning: Before using SWAT, be warned that SWAT will completely replace /etc/samba/smb.conf with a fully optimized file that has been stripped of all comments, and only non-default settings will be written to the file.

The samba package ships two systemd unit files that provide socket activation for SWAT. The SWAT service is started automatically when a client connects to the configured socket, in this case a TCP port.

First, review the socket configuration:

/usr/lib/systemd/system/swat.socket
[Unit]
Description=SWAT Samba Web Admin Tool

[Socket]
ListenStream=127.0.0.1:901
Accept=true

[Install]
WantedBy=sockets.target

Note: By default SWAT is only available from localhost, the system the SWAT service is installed on. If SWAT should be available for external connections, copy the unit to /etc/systemd/system/swat.socket and replace 127.0.0.1 with your system's LAN IP address, e.g. 192.168.1.80:901.

When satisfied with the configuration, start the socket:

# systemctl start swat.socket

Or, should you want to enable SWAT during boot, enable:

# systemctl enable swat.socket

The web interface can now be accessed on port 901 by default: http://localhost:901/

Note: An all-encompassing Webmin tool is also available, and the SWAT module can be loaded there.

Accessing shares

Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. The graphical manner is limited. Some desktop environments have a way to facilitate accessing these shared resources. However, most do not. In fact, most lightweight DEs and WMs offer no native method.

There are two parts to share access. First is the underlying file system mechanism, and second is the interface which allows the user to select to mount shared resources. Some environments have the first part built into them.

If you are using KDE, it has the ability to browse Samba shares. You therefore do not need any additional packages. (However, for a GUI in the KDE System Settings you have to install the kdenetwork-filesharing package from [extra]. Another program choice is SMB4K.) If, however, you plan to use the share in Gnome or solely from a shell, you will need an additional package.

Accessing Samba shares from Gnome/Xfce4

To access Samba shares from Nautilus, you must first install gvfs-smb and gnome-vfs:

# pacman -S gvfs-smb gnome-vfs

To access shares with Thunar in Xfce4, only gvfs-smb needs to be installed:

# pacman -S gvfs-smb

In Nautilus/Thunar, press Ctrl+L or choose "Go" - "Location..." from the menu bar, then enter the following in the "Location:" field:

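smb://servername/share

Note: If your server name is not in /etc/hosts, you must use the IP address to access the server.

You can also use Gnomba, another Gnome browsing program.

If iptables is running, the nf_conntrack_netbios_ns module must be loaded: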

modprobe nf_conntrack_netbios_ns

Accessing shares from other graphical environments

There are a number of useful programs, but they will need to have packages created for them. This can be done with the Arch package build system. The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.

LinNeighborhood is non-specific when it comes to the DE or WM. It can be seen as a simple and generic X-based LAN browser and share mounter. Not pretty, but effective.

Other possible programs include pyneighborhood and RUmba, as well as the xffm-samba plugin for Xffm.

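Accessing Samba shares from the command line

Shares can be accessed through automatic mounting, or manually.

Automatically mounting shares

There are several ways to access shares easily.

smbnetfs

1. Install smbnetfs: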

# pacman -S smbnetfs

2. Add the following to /etc/fuse.conf:

user_allow_other

3. Load the fuse kernel module:

# modprobe fuse

4. Start the smbnetfs daemon:

# /etc/rc.d/smbnetfs start

With appropriate configuration, it will automatically mount all shares under /mnt/smbnet.

To access shares at boot, set up /etc/rc.conf as follows:

MODULES=(... fuse ...)
DAEMONS=(... smbnetfs ...)

If a username and password are required to access the shared folders, edit /etc/smbnetfs/.smb/smbnetfs.conf and uncomment the "auth" line:

auth			"WORKGROUP/username" "password"

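Then change the permissions of /etc/smbnetfs/.smb/smbnetfs.conf so that smbnetfs works properly:

# chmod 600 /etc/smbnetfs/.smb/smbnetfs.conf

fusesmb

Note: Because smbclient 3.2.X is incompatible with fusesmb, revert smbclient 3.2.X to an older version if you want to use fusesmb to access shares. See the relevant forum topic for details.

1. Install the fusesmb package from the AUR using yaourt: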

$ yaourt -S fusesmb

2. Create a mount point:

# mkdir /mnt/fusesmb

3. Load the fuse module:

# modprobe fuse

4. Mount the shares:

# fusesmb -o allow_other /mnt/fusesmb

To mount the shared folders automatically at boot, add the above command to /etc/rc.local and add the fuse module to /etc/rc.conf:

MODULES=(... fuse ...)

Autofs

See Autofs for information on the kernel-based automounter for Linux.

Manually mounting shares

1. Use smbclient to browse shares from the shell. To list any public shares on a server:

$ smbclient -L <hostname> -U%

2. Create a mount point for the share:

# mkdir /mnt/MOUNTPOINT

3. Mount the share using mount.cifs. Keep in mind that not all options are needed, for example password:

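# mount -t cifs //SERVER/SHARENAME MOUNTPOINT -o user=USERNAME,password=PASSWORD,workgroup=WORKGROUP,ip=SERVERIP

SERVER: The name of the Windows system.
SHARENAME: The shared directory.
MOUNTPOINT: The local directory on which the share will be mounted.
-o [options]: Specifies options for mount.cifs.
user: The user name used to mount the share.
password: The password for the shared directory.
workgroup: The workgroup name.
ip: The IP address of the server, needed if the system cannot find the Windows computer by name (DNS, WINS, hosts entry, etc.).

Note: Abstain from using trailing directory (/) characters. Using //SERVER/SHARENAME/ will not work.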

4. The share can be unmounted with the following command:

# umount /mnt/MOUNTPOINT

Adding the share to fstab

To make the share easy to use, add the following to /etc/fstab:

//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0

The noauto option disables mounting it automatically at boot and noatime increases performance by skipping inode access times.

After adding the previous line, the syntax to mount files becomes simpler:

# mount /mnt/MOUNTPOINT

Allowing users to mount

Before enabling access to the mount commands, fstab needs to be modified. Add the users option to the entry in /etc/fstab:

//SERVER/SHARENAME /path/to/SHAREMOUNT cifs users,noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0

Note: The option is users (plural). For other filesystem types handled by mount, this option is usually user, without the "s".

This will allow users to mount it as long as the mount point resides in a directory controllable by the user, i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use #smbnetfs, or grant privileges using sudo.
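
/etc/fstab is normally world-readable, so a password= option in an entry like the ones above is visible to every local user; mount.cifs also accepts credentials=FILE, and that file can be restricted to mode 600. The following added example (not part of the wiki page; function names and sample data are constructed) audits an fstab-format file for both conditions and assumes GNU stat.

```shell
# Added example, not ArchWiki code: find cifs entries in an fstab-format file
# that embed a password, and credentials= files that are not owner-only.
# Assumes GNU stat (coreutils), as on Arch Linux.
audit_cifs_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 || $3 != "cifs" { next }
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(password|pass)=/) print "inline-password", $2
                if (opt[i] ~ /^(credentials|cred)=/) {
                    sub(/^[^=]*=/, "", opt[i]); print "credentials", $2, opt[i]
                }
            }
        }' "$1" |
    while read -r kind mnt file; do
        case $kind in
            inline-password) echo "inline-password $mnt" ;;
            credentials)
                mode=$(stat -c %a "$file" 2>/dev/null) || mode=missing
                case $mode in
                    600|400) ;;                  # owner-only: nothing to report
                    *) echo "credentials-file $mnt mode=$mode" ;;
                esac ;;
        esac
    done
}

# Constructed sample: one entry as on this page, one using a credentials file.
demo_cifs_audit() {
    dir=$(mktemp -d) || return 1
    printf 'username=USER\npassword=PASSWORD\ndomain=WORKGROUP\n' > "$dir/cred"
    chmod 644 "$dir/cred"                        # deliberately too permissive
    cat > "$dir/fstab" <<EOF
# constructed fstab fragment
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
//SERVER/OTHER /mnt/other cifs users,noauto,credentials=$dir/cred 0 0
EOF
    audit_cifs_fstab "$dir/fstab"                # reports both entries
    chmod 600 "$dir/cred"                        # corrected mode
    audit_cifs_fstab "$dir/fstab"                # reports only the inline password
    rm -rf "$dir"
}

demo_cifs_audit
```

An entry that reports nothing uses credentials=FILE with the file at mode 600 or 400.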

Tips and tricks

Share files for your LAN without user and password

Edit /etc/samba/smb.conf and add the following line:

map to guest = Bad User

After this line

security = user

If you want to restrict the shares data to a specific interface replace:

;   interfaces = 192.168.12.2/24 192.168.13.2/24

with:

interfaces = lo eth0
bind interfaces only = true

(changing eth0 to the local network interface you want to share with.)

If you want to change the account that accesses the shares, edit the following line:

;   guest account = nobody

The last step is to create the share directory (for write access, set writable = yes):

[Public Share]
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no

Sample configuration file

The configuration that worked for one user:

[global]
workgroup = WORKGROUP
server string = Samba Server
netbios name = PC_NAME
security = share
; the line below is important! If you have permission issues make
; sure the user here is the same as the user of the folder you
; want to share
guest account = mark
username map = /etc/samba/smbusers
name resolve order = hosts wins bcast
wins support = no
[public]
comment = Public Share
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no

Discovering network shares

If nothing is known about other systems on the local network, and automated tools such as #smbnetfs are not available, the following methods allow one to manually probe for Samba shares.

1. First, install nmap and smbclient using pacman:

# pacman -S nmap smbclient

2. nmap checks which ports are open:

# nmap -sT 192.168.1.*

In this case, a scan on the 192.168.1.* IP address range has been performed, resulting in:

$ nmap -sT 192.168.1.*
Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-02-15 11:45 PHT
Interesting ports on 192.168.1.1:
(The 1661 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
5000/tcp open  UPnP

Interesting ports on 192.168.1.5:
(The 1662 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
6000/tcp open  X11

Nmap run completed -- 256 IP addresses (2 hosts up) scanned in 7.255 seconds

The first result is another system; the second happens to be the client from where this scan was performed.

3. Now that systems with port 139 open are revealed, use nmblookup to check for NetBIOS names:

$ nmblookup -A 192.168.1.1
Looking up status of 192.168.1.1
        PUTER           <00> -         B <ACTIVE>
        HOMENET         <00> - <GROUP> B <ACTIVE>
        PUTER           <03> -         B <ACTIVE>
        PUTER           <20> -         B <ACTIVE>
        HOMENET         <1e> - <GROUP> B <ACTIVE>
        USERNAME        <03> -         B <ACTIVE>
        HOMENET         <1d> -         B <ACTIVE>
        MSBROWSE        <01> - <GROUP> B <ACTIVE>

Regardless of the output, look for <20>, which shows the host with open services.

4. Use smbclient to list which services are shared on PUTER. If prompted for a password, pressing enter should still display the list:

$ smbclient -L \\PUTER
Sharename       Type      Comment
---------       ----      -------
MY_MUSIC        Disk
SHAREDDOCS      Disk
PRINTER$        Disk
PRINTER         Printer
IPC$            IPC       Remote Inter Process Communication

Server               Comment
---------            -------
PUTER

Workgroup            Master
---------            -------
HOMENET               PUTER

This shows which folders are shared and can be mounted locally. See: #Accessing Samba shares

Remote control of Windows computer

Samba offers a set of tools for communication with Windows. These can be handy in case you can't access a Windows computer through remote desktop, as shown by some examples.

Send shutdown command with a comment:

$ net rpc shutdown -C "comment" -I IPADDRESS -U USERNAME%PASSWORD

If you prefer a forced shutdown instead, replace -C with comment by a single -f. For a restart, add -r followed by -C or -f.

Stop and start services:

$ net rpc service stop SERVICENAME -I IPADDRESS -U USERNAME%PASSWORD

To see all possible net rpc commands:

$ net rpc

Troubleshooting

Trouble accessing a password-protected share from Windows

If you are having trouble accessing a password protected share from Windows, try adding this to /etc/samba/smb.conf:[1]

Note that you have to add this to your local smb.conf, not to the server's smb.conf.

[global]
# lanman fix
client lanman auth = yes
client ntlmv2 auth = no
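
The lanman fix above makes the client fall back to the weaker LANMAN responses, and the guest-share settings under "Tips and tricks" and "Sample configuration file" relax server-side access, so it is worth knowing where such lines are present. The following added example (not part of the wiki page; function names and the sample file are constructed) reads an smb.conf and lists those settings per section.

```shell
# Added example, not ArchWiki code. audit_smb_conf [FILE] prints one finding per
# line ("<section>: <message>") for settings that weaken auth or guest access.
audit_smb_conf() {
    awk '
        function endsec() {
            if (guest && writable) print sec ": guest share is writable"
            guest = writable = 0
        }
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[ \t]*\[/ {                              # start of a new [section]
            endsec(); sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        {
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            yes = (val ~ /^(yes|true|1)$/); no = (val ~ /^(no|false|0)$/)
            if (key == "security" && val == "share") print sec ": share-level security"
            if (key == "map to guest" && val != "never") print sec ": map to guest = " val
            if (key == "client lanman auth" && yes) print sec ": LANMAN client auth enabled"
            if (key == "client ntlmv2 auth" && no) print sec ": NTLMv2 client auth disabled"
            if ((key == "public" || key == "guest ok") && yes) guest = 1
            if (key ~ /^(writable|writeable|write ok)$/) writable = yes
            if (key == "read only") writable = no
        }
        END { endsec() }' "$@"
}

# Constructed sample input combining settings shown on this page.
sample_smb_conf() {
    cat <<'EOF'
[global]
   security = share
   map to guest = Bad User
   ; client-side downgrade from the troubleshooting section
   client lanman auth = yes
   client ntlmv2 auth = no
[Public Share]
   public = yes
   writable = no
[scratch]
   guest ok = yes
   read only = no
EOF
}

sample_smb_conf | audit_smb_conf
```

Run it as `audit_smb_conf /etc/samba/smb.conf`; the read-only [Public Share] from this page produces no finding, while a guest share with write access does.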

Getting a dialog box up takes a long time

I had a problem that it took ~30 seconds to get a password dialog box up when trying to connect from both Windows XP/Windows 7. Analyzing the error.log on the server I saw:

[2009/11/11 06:20:12,  0] printing/print_cups.c:cups_connect(103)
Unable to connect to CUPS server localhost:631 - Interrupted system call

I don't have any printer connected to this server, so I added this to the global section:

load printers = no
printing = bsd
disable spoolss = yes
printcap name = /dev/null

Not sure if all of them are necessary, but at least it works now.

Changes in Samba version 3.4.0

Major enhancements in Samba 3.4.0 include:

The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration!

If you would like to stick to the 'smbpasswd' backend try changing this in /etc/samba/smb.conf:

passdb backend = smbpasswd

or convert your smbpasswd entries using:

sudo pdbedit -i smbpasswd -e tdbsam

Error: Value too large for defined data type

With some applications you could get this error with every attempt to open a file mounted in smbfs/cifs:

 Value too large for defined data type

The solution[2] is to add these options to your smbfs/cifs mount options (in /etc/fstab for example):

 ,nounix,noserverino

It works on Arch Linux up-to-date (2009-12-02)

Resources