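Samba (Simplified Chinese)
Samba is a re-implementation of the SMB/CIFS networking protocol. As a complement to NFS, it makes file and printer sharing between Linux and Windows systems easier. Some users say that Samba is easy to configure and intuitive to operate. However, many new users run into problems because of its complexity and non-intuitive mechanism. New users are strongly advised to follow the instructions below carefully.
Installation
If you only need to access files and do not need to share them, installing the client program is enough.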
# pacman -S smbclient
To share files, install the samba package (this also installs the client):
# pacman -S samba
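Configuration
Basic configuration
The file /etc/samba/smb.conf must be created before the daemon is started. Once it exists, users may choose to configure it through a more advanced interface such as SWAT.
As root, copy the default Samba configuration file to /etc/samba/smb.conf: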
# cp /etc/samba/smb.conf.default /etc/samba/smb.conf
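Open smb.conf and edit it to suit your needs. By default it creates a share for each user's home directory, along with a printer share. See man smb.conf for more available options.
To start samba automatically at boot, add the daemon to the following line in rc.conf: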
DAEMONS=(... ... samba ... ...)
To manage samba manually:
# rc.d {start|stop|restart} samba
Command-line configuration
Adding users
To log in to a Samba share, you need to add a user.
With Samba 3.4.0, add one as follows:
# pdbedit -a -u <user>
The earlier method:
# smbpasswd -a <user>
If smbpasswd data already exists, convert it to the new format.
The user name must already exist. If it does not, you may get an error:
Failed to modify password entry for user "<user>"
You can add a new Linux user with adduser. This article does not cover adding users to Windows systems.
Web-based configuration (SWAT)
SWAT (Samba Web Administration Tool) is a facility that is part of the Samba suite. Whether or not to use this tool remains a matter of personal preference. It does allow for quick configuration and has context-sensitive help for each smb.conf parameter. SWAT also provides an interface for monitoring the current state of connections, and allows network-wide MS Windows network password management.
/etc/samba/smb.conf with a fully optimized file that has been stripped of all comments, and only non-default settings will be written to the file.
To use SWAT, two systemd unit files come with the samba package that allow for socket activation. The SWAT service is started automatically when a user connects to the configured socket, in this case a TCP connection on a specific port.
First, review the socket configuration:
/usr/lib/systemd/system/swat.socket
[Unit]
Description=SWAT Samba Web Admin Tool

[Socket]
ListenStream=127.0.0.1:901
Accept=true

[Install]
WantedBy=sockets.target
/etc/systemd/system/swat.socket, and replace 127.0.0.1 with your system's LAN IP, e.g. 192.168.1.80:901.
When satisfied with the configuration, start the socket:
# systemctl start swat.socket
Or, should you want to enable SWAT during boot, enable:
# systemctl enable swat.socket
The web interface can now be accessed on port 901 by default:
http://localhost:901/
Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. The graphical manner is limited. Some desktop environments have a way to facilitate accessing these shared resources. However, most do not. In fact, most lightweight DEs and WMs offer no native method.
There are two parts to share access. First is the underlying file system mechanism, and second is the interface which allows the user to select to mount shared resources. Some environments have the first part built into them.
If you are using KDE, it has the ability to browse Samba shares. You therefore do not need any additional packages. (However, for a GUI in the KDE System Settings you have to install the kdenetwork-filesharing package from [extra]. Another program choice is SMB4K.) If, however, you plan to use the share in Gnome or solely from a shell, you will need an additional package.
Accessing Samba shares from Gnome/Xfce4
To access Samba shares from Nautilus, first install the gvfs-smb and gnome-vfs packages:
# pacman -S gvfs-smb gnome-vfs
To access them with Thunar in Xfce4, only gvfs-smb needs to be installed:
# pacman -S gvfs-smb
In Nautilus/Thunar, press the location-bar keyboard shortcut or click "Go" - "Location..." in the menu bar, then enter the following in the "Location:" field:
smb://servername/share
You can also use Gnomba, another Gnome browsing program.
If iptables is running, the nf_conntrack_netbios_ns module must be loaded:
modprobe nf_conntrack_netbios_ns
Accessing shares from other graphical environments
There are a number of useful programs, but they will need to have packages created for them. This can be done with the Arch package build system. The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.
LinNeighborhood is non-specific when it comes to the DE or WM. It can be seen as a simple and generic X-based LAN browser and share mounter. Not pretty, but effective.
Other possible programs include pyneighborhood and RUmba, as well as the xffm-samba plugin for Xffm.
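Accessing Samba shares from the command line
Shares can be accessed through automatic mounting or manually.
Automatic share mounting
There are several ways to access shares easily.
smbnetfs
1. Install smbnetfs: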
# pacman -S smbnetfs
2. Add the following to /etc/fuse.conf:
user_allow_other
3. Load the fuse kernel module:
# modprobe fuse
4. Start the smbnetfs daemon:
# /etc/rc.d/smbnetfs start
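With suitable configuration, it will automatically mount all shares under /mnt/smbnet.
To access the shares at boot, set up /etc/rc.conf as follows:
MODULES=(... fuse ...)
DAEMONS=(... smbnetfs ...)
If a user name and password must be entered to access the shared folders, edit /etc/smbnetfs/.smb/smbnetfs.conf and uncomment the "auth" line: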
auth "WORKGROUP/username" "password"
Then change the permissions of /etc/smbnetfs/.smb/smbnetfs.conf so that smbnetfs works properly:
# chmod 600 /etc/smbnetfs/.smb/smbnetfs.conf
fusesmb
1. Install fusesmb:
$ yaourt -S fusesmb
2. Create a mount point:
# mkdir /mnt/fusesmb
3. Load the fuse module:
# modprobe fuse
4. Mount the shares:
# fusesmb -o allow_other /mnt/fusesmb
To mount the shared folders automatically at boot, add the command above to /etc/rc.local and add the fuse module to /etc/rc.conf:
MODULES=(... fuse ...)
Autofs
See Autofs for information on the kernel-based automounter for Linux.
Manual share mounting
1. Use smbclient to browse shares from the shell. To list any public shares on a server:
$ smbclient -L <hostname> -U%
2. Create a mount point for the share:
# mkdir /mnt/MOUNTPOINT
3. Mount the share using mount.cifs. Keep in mind that not all options are needed, for example password:
# mount -t cifs //SERVER/SHARENAME MOUNTPOINT -o user=USERNAME,password=PASSWORD,workgroup=WORKGROUP,ip=SERVERIP
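SERVER - the Windows system name
SHARENAME - the shared directory
MOUNTPOINT - the local directory on which the share will be mounted
-o [options] - specifies options for mount.cifs
user - the user name used to mount the share
password - the password for the share
workgroup - specifies the workgroup name
ip - the IP address of the server, needed if the system cannot find the Windows computer by name (DNS, WINS, hosts entry, etc.)
//SERVER/SHARENAME/ will not work.
4. The share can be unmounted with the following command: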
# umount /mnt/MOUNTPOINT
Adding the share to fstab
For convenient access to the share, add the following to /etc/fstab:
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
The noauto option disables mounting it automatically at boot and noatime increases performance by skipping inode access times.
After adding the previous line, the syntax to mount files becomes simpler:
# mount /mnt/MOUNTPOINT
Allowing users to mount
Before enabling access to the mount commands, fstab needs to be modified. Add the users option to the entry in /etc/fstab:
//SERVER/SHARENAME /path/to/SHAREMOUNT cifs users,noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
The option is users (plural). For other filesystem types handled by mount, this option is usually user, without the "s".
This will allow users to mount it as long as the mount point resides in a directory controllable by the user, i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use #smbnetfs, or grant privileges using sudo.
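An added example, not part of the original article: /etc/fstab is normally world-readable, so the password= field in the two entries above is visible to every local user, and mount.cifs accepts credentials=FILE as an alternative. The script below writes such a file with mode 600 and flags fstab entries that still carry an inline password; the /etc/samba/private/share.cred path and the sample entries are constructed placeholders.

```shell
# Added example, not from the original article. File names are placeholders.

# Write a mount.cifs credentials file that only its owner can read.
# usage: write_cifs_credentials FILE USER PASSWORD [WORKGROUP]
write_cifs_credentials() {
    ( umask 077                        # a new file is created with mode 0600
      printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
      if [ -n "${4:-}" ]; then printf 'domain=%s\n' "$4" >> "$1"; fi )
    chmod 600 "$1"                     # tighten the mode if FILE already existed
}

# List cifs/smbfs entries of an fstab-format file whose option field holds
# an inline password. Prints "LINE MOUNTPOINT"; returns 1 if any were found.
find_inline_cifs_passwords() {
    awk '
        /^[ \t]*#/ { next }            # skip comment lines
        ($3 == "cifs" || $3 == "smbfs") && ("," $4) ~ /,(password|pass)=/ {
            print NR, $2; found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the first entry has the form used on this page, the
# second reads the same secrets from a root-only credentials file instead.
make_sample_fstab() {
    cat > "$1" <<'EOF'
# <file system> <dir> <type> <options> <dump> <pass>
//SERVER/SHARENAME /mnt/MOUNTPOINT cifs noauto,noatime,username=USER,password=PASSWORD,workgroup=WORKGROUP 0 0
//SERVER/SHARENAME /mnt/SAFE cifs noauto,noatime,credentials=/etc/samba/private/share.cred 0 0
EOF
}

demo_dir=$(mktemp -d)
make_sample_fstab "$demo_dir/fstab"
write_cifs_credentials "$demo_dir/share.cred" USER PASSWORD WORKGROUP
find_inline_cifs_passwords "$demo_dir/fstab" || echo "inline passwords found"
rm -rf "$demo_dir"
```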
Tips and tricks
Edit /etc/samba/smb.conf and add the following line:
map to guest = Bad User
after this line:
security = user
If you want to restrict the shared data to a specific interface, replace:
; interfaces = 192.168.12.2/24 192.168.13.2/24
with:
interfaces = lo eth0
bind interfaces only = true
(changing eth0 to the interface of the local network you want to share with.)
If you want to edit the account that accesses the shares, edit the following line:
; guest account = nobody
The last step is to create the shared directory (for write access, set writable = yes):
[Public Share]
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no
Sample configuration file
The configuration that worked for one user:
[global]
workgroup = WORKGROUP
server string = Samba Server
netbios name = PC_NAME
security = share
; the line below is important! If you have permission issues make
; sure the user here is the same as the user of the folder you
; want to share
guest account = mark
username map = /etc/samba/smbusers
name resolve order = hosts wins bcast
wins support = no

[public]
comment = Public Share
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no
If nothing is known about other systems on the local network, and automated tools such as #smbnetfs are not available, the following methods allow one to manually probe for Samba shares.
1. First, install nmap and smbclient using pacman:
# pacman -S nmap smbclient
2. nmap checks which ports are open:
# nmap -sT 192.168.1.*
In this case, a scan on the 192.168.1.* IP address range has been performed, resulting in:
$ nmap -sT 192.168.1.*
Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-02-15 11:45 PHT
Interesting ports on 192.168.1.1:
(The 1661 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
139/tcp  open  netbios-ssn
5000/tcp open  UPnP
Interesting ports on 192.168.1.5:
(The 1662 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
6000/tcp open  X11
Nmap run completed -- 256 IP addresses (2 hosts up) scanned in 7.255 seconds
The first result is another system; the second happens to be the client from where this scan was performed.
3. Now that systems with port 139 open are revealed, use nmblookup to check for NetBIOS names:
$ nmblookup -A 192.168.1.1
Looking up status of 192.168.1.1
        PUTER           <00> -         B <ACTIVE>
        HOMENET         <00> - <GROUP> B <ACTIVE>
        PUTER           <03> -         B <ACTIVE>
        PUTER           <20> -         B <ACTIVE>
        HOMENET         <1e> - <GROUP> B <ACTIVE>
        USERNAME        <03> -         B <ACTIVE>
        HOMENET         <1d> -         B <ACTIVE>
        MSBROWSE        <01> - <GROUP> B <ACTIVE>
Regardless of the output, look for <20>, which shows the host with open services.
4. Use smbclient to list which services are shared on PUTER. If prompted for a password, pressing enter should still display the list:
$ smbclient -L \\PUTER
Sharename       Type      Comment
---------       ----      -------
MY_MUSIC        Disk
SHAREDDOCS      Disk
PRINTER$        Disk
PRINTER         Printer
IPC$            IPC       Remote Inter Process Communication

Server          Comment
---------       -------
PUTER

Workgroup       Master
---------       -------
HOMENET         PUTER
This shows which folders are shared and can be mounted locally. See: #Accessing Samba shares
Remote control of Windows computer
Samba offers a set of tools for communication with Windows. These can be handy in case you can't access a Windows computer through remote desktop, as shown by some examples.
Send shutdown command with a comment:
$ net rpc shutdown -C "comment" -I IPADDRESS -U USERNAME%PASSWORD
If you prefer a forced shutdown instead, replace -C and its comment with a single -f. For a restart, add -r, followed by a -C or -f.
Stop and start services:
$ net rpc service stop SERVICENAME -I IPADDRESS -U USERNAME%PASSWORD
To see all possible net rpc commands:
$ net rpc
Troubleshooting
If you are having trouble accessing a password protected share from Windows, try adding this to /etc/samba/smb.conf:[1]
Note that you have to add this to your local smb.conf, not to the server's smb.conf.
[global]
# lanman fix
client lanman auth = yes
client ntlmv2 auth = no
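An added example, not part of the original article or the Samba project: a small audit of the smb.conf settings used on this page that widen exposure, namely guest-writable shares, interfaces without bind interfaces only (smbd then still listens on all interfaces), security = share (removed in Samba 4), and the LANMAN/NTLMv2 client overrides above, which fall back to the weak LANMAN response. The sample configuration is constructed from the page's own snippets and the finding labels are this example's wording.

```shell
# Added example, not from the original article or the Samba project.
# Reads an smb.conf-format file (or stdin) and prints one finding per line.
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function on(v)   { return v ~ /^(yes|true|1)$/ }
    function off(v)  { return v ~ /^(no|false|0)$/ }
    function end_section() {          # report once a share is fully read
        if (guest && rw) print sec ": guest-writable share"
        guest = 0; rw = 0
    }
    /^[ \t]*[#;]/ { next }            # comment lines
    /^[ \t]*\[/   { end_section(); sec = trim($0); next }
    index($0, "=") {
        i = index($0, "=")
        k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)  # names ignore spaces
        v = tolower(trim(substr($0, i + 1)))
        if (k == "security" && v == "share")      print sec ": share-level security"
        if (k == "clientlanmanauth" && on(v))     print sec ": LANMAN client auth enabled"
        if (k == "clientntlmv2auth" && off(v))    print sec ": NTLMv2 client auth disabled"
        if (k == "public" || k == "guestok")      guest = on(v)
        if (k ~ /^(writable|writeable|writeok)$/) rw = on(v)
        if (k == "readonly")                      rw = off(v)
        if (k == "interfaces")                    ifaces = 1
        if (k == "bindinterfacesonly")            bindonly = on(v)
    }
    END {
        end_section()
        if (ifaces && !bindonly) print "[global]: interfaces without bind interfaces only"
    }
    ' "${1:--}"
}
# Constructed sample combining settings shown on this page.
sample_smb_conf() {
    cat <<'EOF'
[global]
security = share
interfaces = lo eth0
client lanman auth = yes
client ntlmv2 auth = no
[Public Share]
public = yes
writable = yes
[public]
public = yes
writable = no
EOF
}
sample_smb_conf | audit_smb_conf
```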
Getting a dialog box up takes a long time
I had a problem that it took ~30 seconds to get a password dialog box up when trying to connect from both Windows XP/Windows 7. Analyzing the error.log on the server I saw:
[2009/11/11 06:20:12, 0] printing/print_cups.c:cups_connect(103) Unable to connect to CUPS server localhost:631 - Interrupted system call
I don't have any printer connected to this server, so I added this to the global section:
load printers = no
printing = bsd
disable spoolss = yes
printcap name = /dev/null
Not sure if all of them are necessary, but at least it works now.
Changes in Samba version 3.4.0
Major enhancements in Samba 3.4.0 include:
The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration!
If you would like to stick to the 'smbpasswd' backend try changing this in /etc/samba/smb.conf:
passdb backend = smbpasswd
or convert your smbpasswd entries using:
sudo pdbedit -i smbpasswd -e tdbsam
Error: Value too large for defined data type
With some applications you could get this error with every attempt to open a file mounted in smbfs/cifs:
Value too large for defined data type
The solution[2] is to add these options to your smbfs/cifs mount options (in /etc/fstab for example):
,nounix,noserverino
It works on Arch Linux up-to-date (2009-12-02)