Difference between revisions of "Talk:Samba"

From ArchWiki
Jump to: navigation, search
(use https for links to archlinux.org)
m (Server Configuration - Creating a Share: answer Gabriel)
 
(42 intermediate revisions by 17 users not shown)
Line 1: Line 1:
== SWAT ==
 
 
The line states in part: "If xinetd was compiled with tcpwrapper flag enabled".  Does anyone know how one might know if this is the case? - [[User:KitchM|KitchM]] 00:18, 24 March 2010 (EDT)
 
 
When I started xinetd according to instructions I got this message in everything.log: "Port not specified and can't find service: swat with getservbyname"
 
Portnumber was not set in the default SWAT configuration file /etc/xinetd.d/swat.
 
I added the line "port = 901". When I restarted xinetd I got the message "service/protocol combination not in /etc/services: swat/tcp". I selected an unassigned number and added the line "swat 1001/tcp" in /etc/services. I changed port number to 1001 in /etc/xinetd.d/swat. Now I could log into SWAT on http://localhost:1001. [[User:Erlhel|Erlhel]] 18:45, 7 April 2012 (EDT)
 
 
 
== Share Access ==
 
== Share Access ==
  
Line 30: Line 22:
 
:(Please sign your edits in discussion pages with {{ic|<nowiki>~~~~</nowiki>}})
 
:(Please sign your edits in discussion pages with {{ic|<nowiki>~~~~</nowiki>}})
 
:I think you have a point, _netdev should probably be added to the mount options. -- [[User:Kynikos|Kynikos]] 06:15, 13 December 2011 (EST)
 
:I think you have a point, _netdev should probably be added to the mount options. -- [[User:Kynikos|Kynikos]] 06:15, 13 December 2011 (EST)
 +
{{ic|<nowiki>~~~~</nowiki>}}
 +
:The fstab setting "comment=systemd.automount" does not work with mount.cifs "comment" or x-sysmted.* is not mentioned in the man-page of mount.cifs. -- [[User:Some1|Some1]] 22:05 22.Nov 2013
  
 
 
== Messy ==
 
== Messy ==
  
Line 50: Line 43:
 
:I tried the ''smbclient -L'' command and also got this message. I suspect it is just an overly talkative program rather than an indication of an error. Might be worth mentioning this, unless someone knows how a missing config file could cause a real problem. [[User:Vadmium|Vadmium]] ([[User talk:Vadmium|talk]]) 01:58, 3 December 2012 (UTC).
 
:I tried the ''smbclient -L'' command and also got this message. I suspect it is just an overly talkative program rather than an indication of an error. Might be worth mentioning this, unless someone knows how a missing config file could cause a real problem. [[User:Vadmium|Vadmium]] ([[User talk:Vadmium|talk]]) 01:58, 3 December 2012 (UTC).
  
== security <nowiki>=</nowiki> share deprecated ==
+
==<s> Outdated information</s> ==
{{ic|security <nowiki>=</nowiki> share}} is deprecated as of December 2010, apparently. (see more at [http://lists.samba.org/archive/samba/2010-December/160046.html Samba mailing list]) [[User:Zachera|Zachera]] ([[User talk:Zachera|talk]]) 10:22, 13 January 2013 (UTC)
+
 
 +
Firstly, security = share is now completely removed, and as such, is ignored when parsed.
 +
 
 +
Secondly, "systemctl start samba" fails to start the service. Checking the log file yields this message:
 +
<pre> At this time the 'samba' binary should only be used for either:
 +
  'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
 +
  You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
 +
</pre>
 +
 
 +
I will remove the suggestions to use the samba service, as they misled me.
 +
[[User:Dawmail333|Dawmail333]] ([[User talk:Dawmail333|talk]]) 11:30, 4 September 2013 (UTC)
 +
 
 +
:For the record, this is the edit that introduced the mention of the samba service: [https://wiki.archlinux.org/index.php?title=Samba&diff=271999&oldid=271958].
 +
:This is the edit that removed it: [https://wiki.archlinux.org/index.php?title=Samba&curid=5021&diff=274343&oldid=273530&rcid=386073].
 +
:The first edit's summary links to http://www.samba.org/samba/history/samba-4.0.0.html
 +
:I don't have an up-to-date knowledge of Samba and integration with Windows networks in general, but this all seems strictly related to [[Active Directory Integration]], that's also why I've requested the merge of the articles.
 +
:-- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 09:56, 5 September 2013 (UTC)
 +
::I wasn't the first to mention the samba service, it was introduced one revision earlier. I made the edit because i found the prev. version confusing. As to if what i wrote was correct, i admit i didn't test it myself due to time constraint. If it doesn't work as advertised, then good riddance.
 +
::The "AD Integration" article was quite helpful to me recently, there is a lot of info in there. I think it should stay as separate article. There is quite a clear topical separation here. The "Ad Int." article is specifically about setting up a linux-host to join a AD/Kerbereros Domain. The necessary Samba config is just one part of it, it also talks about kerberos and setting up the PAM config correctly.
 +
::[[User:Bwid|Bwid]] ([[User talk:Bwid|talk]]) 17:37, 5 September 2013 (UTC)
 +
 
 +
:::Ok, thanks for explaining, let's leave the article like it is, I've also withdrawn my merge requests. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 10:42, 8 September 2013 (UTC)
 +
 
 +
::::Item clarified. Closing. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 08:58, 16 July 2016 (UTC)
 +
 
 +
== permissions ==
 +
 
 +
I spend hours to try sharing files for guest access in my /home/[user]/Public. Finally I see something from the page Samba/Tips_and_tricks "Note: Make sure the guest also has permission to visit /path, /path/to and /path/to/public". the access to /home/[user] is forbidden for Groups and Others ! So I use /srv/public instead, but this precious information must be write somewhere. [[User:Mikhaddo|Mikhaddo]] ([[User talk:Mikhaddo|talk]]) 14:24, 3 September 2015 (UTC)
 +
 
 +
== smb.conf permissions ==
 +
 
 +
Would it be appropriate to change the “cp /etc/samba/smb.conf.default /etc/samba/smb.conf” command in the instructions to “cp -a /etc/samba/smb.conf.default /etc/samba/smb.conf” or otherwise have a note to make sure smb.conf is world-readable? On my setup, a plain cp resulted in permissions of 600, and “net usershare” absolutely refused to work with the unhelpful message “usershares are currently disabled” until I finally discovered that the permissions on the config file were incorrect. [[User:TravisE|TravisE]] ([[User talk:TravisE|talk]]) 07:52, 4 November 2015 (UTC)
 +
 
 +
== Samba automount ==
 +
 
 +
''Moved from [[User talk:Indigo]], discussion relates to [[Samba#As_systemd_unit]]'' --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 18:11, 2 March 2016 (UTC)
 +
 
 +
Hi Indigo,
 +
 
 +
Thanks for the edit and link to the man page, but I'm still hoping for a more easy solution: '.. It only indicates that the network management stack is up after it has been reached.
 +
.. services using the network should hence simply place an After=network.target dependency in their unit files, and avoid any Wants=network.target or even Requires=network.target'.
 +
 
 +
Is there no other method to check if an network service is started? Or should the Requirement line simple be removed?
 +
 
 +
Thanks! :)
 +
[[User:Francoism|Francoism]] ([[User talk:Francoism|talk]]) 20:34, 29 February 2016 (UTC)
 +
 
 +
:Hi, no problem. There are other methods, but it gets more complicated. So, sorry I am not aware of an easy other method that works with any network management service, let's both have hope :) Network mounts like via samba are susceptible to fail easily, I would not remove Requires= for such (particularly since not everyone uses the listed networkd-online or nm-online). The Requires= actually can be handy as well, because it means you don't need to have the network managemnt started. Once you [[start]] mnt-myshare.mount, it would automatically start the Requires= unit. Or, once you stop the required unit, the mount is brought down first. Ok? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 21:24, 29 February 2016 (UTC)
 +
::I don't know if the Require line is still needed thought, since it already has set network-online as dep.
 +
::An issue could occur when using/restart or switching between multiple network services, resulting in (share) connections getting drop or creating multiple connections.
 +
::On testing, I didn't found any (share-)disconnect issues resulting in network failures/changing IP's, restarting backends, etc. The share would simple lose it's connections, and restore the connection when it could reach the server again.
 +
::Therefore I would recommend of dropping the Require string, since it should not depend on a (single) backend, but simple on the IP-settings.
 +
::Let me know your thoughts. :)
 +
::[[User:Francoism|Francoism]] ([[User talk:Francoism|talk]]) 11:43, 2 March 2016 (UTC)
 +
 
 +
:::Well, if you test it and it works with different backends safely on connect/disconnect, sure - the Requires= is not a pre-requisite for the unit to work. I did not want to dive into the topic, but since you ask: my first thought is that [https://wiki.archlinux.org/index.php?title=Samba&diff=423466&oldid=423465 this] note is a nuisance. It would be cleaner, if a custom systemd unit mnt-myshare.mount works without any "You may have to enable unit xyz...", no matter what service takes care of the network connection. network-online.target is a systemd standard. I have not followed, if all the major network configuration tools now adjusted to adhere to it so that other units can safely depend on ordering behind it only. If yes I wonder, why systemd-networkd-wait-online.service even exists..
 +
:::My second thought: the mnt-myshare.mount unit's dependencies should ensure that manual stopping of the connection is not possible, if it is in use (e.g. files open via the share). I don't know if that was part of your test; my expectation to a network share these days is that either the service and protocol (samba, cifs) tries to ensure no data is lost or the unit mounting the share.
 +
:::My third thought (only now that I look at the [[Samba#Automatic_mounting]] section): I would never use the mnt-myshare.mount anyway. Why? Because it will try to find the //server/sharename each time '''any''' network connection goes up. Imagine you connect to a public hotel/university w/lan (no samba server you need there), samba starts searching, someone in the public network sniffs the query. Next time you connect to the same hotel/university w/lan a named share may be found, samba tries to connect and with that -oops- your share credentials are over the wire. As is, this is classic information leakage. I would always bind such a automount to a particular network connection, i.e. let it have some sort of pre-authentication. Obviously, this last thought makes the whole thing more complicated again. I would not say that the unit must reflect it, but maybe a general warning is a sensible thing to add.
 +
:::tl;dr: If you tested it and it works without Requires= for other network services than those mentioned in [https://wiki.archlinux.org/index.php?title=Samba&diff=423466&oldid=423465 the note], fine with me to remove it. I am not using samba with a systemd installation currently, so I cannot give it a try.
 +
:::--[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 18:20, 2 March 2016 (UTC)
 +
 
 +
== Server Configuration - Creating a Share ==
 +
 
 +
I have a question regarding what are we supposed to understand with the sentence at [[[https://wiki.archlinux.org/index.php/Samba#Creating_a_share]]]:
 +
 
 +
''On Windows side, be sure to change smb.conf to the in-use Windows Workgroup (default: WORKGROUP).''
 +
 
 +
From my point of view this means that the Workgroup on 'smb.conf' should be the same as the workgroup used on Windows and '''nothing''' needs to be changed on any Windows Machine. If that is the case, could we rephrase that as:
 +
 
 +
''Also remember to change smb.conf to the in-use Windows Workgroup (default: WORKGROUP).''
 +
 
 +
Or did I miss something here?
 +
 
 +
-- [[User:Gbc921|Gabriel B. Casella]] ([[User talk:Gbc921|talk]]) 19:46, 26 July 2016 (UTC)
  
== Fixing this Article ==
+
:Yeah the current phrasing is definitely weird. How about:
  
I am trying to fix this article, see [[User:Axanon/sandbox/Samba]] for my current progress. Suggestions and comments can be made here: [[User talk:Axanon/sandbox/Samba]].  
+
:''The 'workgroup' specified in smb.conf has to match the in use Windows workgroup (default: WORKGROUP).''
  
Goals:
+
:[[User:Larivact|Larivact]] ([[User talk:Larivact|talk]]) 06:40, 27 July 2016 (UTC)
# Clean up grammar.
+
# Organize sections for better flow.
+
# Remove duplicate information.
+
# Split troubleshooting and tips to: Samba/troubleshooting and Samba/Tips and tricks.
+
[[User:Axanon|Axanon]] ([[User talk:Axanon|talk]]) 20:25, 23 January 2013 (UTC)
+

Latest revision as of 06:41, 27 July 2016

Share Access

Is the implication with the difference between KDE and Gnome on accessing shares that other DE's need special configurations as well? - KitchM 02:06, 7 May 2010 (EDT)

As I read it, the difference is made between KDE and Gnome's graphical file managers (3.2) and from commandline (3.3). On the other hand, gvfs belongs to gnome - all a tad confusing. See my post below for a suggestion on how to rewrite that bit. Hokasch 12:02, 18 May 2010 (EDT)
Thanks; very nice! I'm totally with you on this. In fact, what if someone uses a different file manager? Why are there so many different network browser mechanisms? Why so many different network protocols? Etc., etc.. I picked Ext3 only once when I installed the OS, and I didn't even have to configure that. I was able to connect to the Internet with little work. But to hook my computer to another one on my own LAN, I've got to jump thru hoops. That bugs the heck out of me. There's got to be a better way. - KitchM 01:43, 19 May 2010 (EDT)
I am not aware of other filebrowsers that can browse/mount shares on the fly. With thunar and fluxbox, I used some of the solutions mentioned later (fusesmb or so). Look here for some quick adjustments (didnt' want to mess up the paragraphs on the official page for now): https://wiki.archlinux.org/index.php/User:Hokasch/SambaHokasch 08:31, 19 May 2010 (EDT)
The issue is actually that the underlying services are not correctly done. For instance, if the user wishes to access a network share, the only thing that must be there (besides the other computers being turned on and physically connected to the LAN) is for the proper service to be running so that the OS knows that the computers are available. All file managers should then be able to see the shares available. This should be automatic.
Why should a person have to use a network browser, such as Avahi or LinNeighborhood? If those work, then the file manager should be able to handle that as well. Right now, if I use one of these to mount a network share, then any file manager can see that item and automatically list it in the directory tree. Since my file manager (XFE) can mount and unmount things, there is only one part missing, and that isn't the fault of the file manager. - KitchM 13:46, 24 May 2010 (EDT)

Rearrangement

It might be a very helpful thing for an expert on the subject to work this whole article over in a better arrangement of the process. I have found that the comments here point out a few issues, and my experience notes a couple things. I found the following basic outline: 1. install, 2. configure smb.conf, 3. start daemons, 4. add users, 5. access shares from other computers on LAN, and 6. mounting those shares

What seems to be left out are: 1. more smb.conf details, 2. creating shares, 3. making them available for other computers, and ?

_netdev mount option

when adding a share to /etc/fstab, wouldn't adding _netdev be a good idea?

(Please sign your edits in discussion pages with ~~~~)
I think you have a point, _netdev should probably be added to the mount options. -- Kynikos 06:15, 13 December 2011 (EST)

~~~~

The fstab setting "comment=systemd.automount" does not work with mount.cifs "comment" or x-sysmted.* is not mentioned in the man-page of mount.cifs. -- Some1 22:05 22.Nov 2013

Messy

This page is a bit of a mess.. KDE file sharing it at the bottom but numerious deprecated method are listed in the main article..

smb.conf file required for smbclient?

I get an error (warning) when I try to use smbclient without Samba server on that client? Should the wiki be updated to clarify the necessity of smb.conf on smbclient installs only? The wiki is confusing to me because it appears that smb.conf is not required for smbclient only installs.

Error below:

params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/smb.conf":
	No such file or directory
smbclient: Can't load /etc/samba/smb.conf - run testparm to debug it

Forgive me, this is my first talk entry.Stevepa (talk) 18:43, 2 December 2012 (UTC)

I tried the smbclient -L command and also got this message. I suspect it is just an overly talkative program rather than an indication of an error. Might be worth mentioning this, unless someone knows how a missing config file could cause a real problem. Vadmium (talk) 01:58, 3 December 2012 (UTC).

Outdated information

Firstly, security = share is now completely removed, and as such, is ignored when parsed.

Secondly, "systemctl start samba" fails to start the service. Checking the log file yields this message:

  At this time the 'samba' binary should only be used for either:
  'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
  You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks

I will remove the suggestions to use the samba service, as they misled me. Dawmail333 (talk) 11:30, 4 September 2013 (UTC)

For the record, this is the edit that introduced the mention of the samba service: [1].
This is the edit that removed it: [2].
The first edit's summary links to http://www.samba.org/samba/history/samba-4.0.0.html
I don't have an up-to-date knowledge of Samba and integration with Windows networks in general, but this all seems strictly related to Active Directory Integration, that's also why I've requested the merge of the articles.
-- Kynikos (talk) 09:56, 5 September 2013 (UTC)
I wasn't the first to mention the samba service, it was introduced one revision earlier. I made the edit because i found the prev. version confusing. As to if what i wrote was correct, i admit i didn't test it myself due to time constraint. If it doesn't work as advertised, then good riddance.
The "AD Integration" article was quite helpful to me recently, there is a lot of info in there. I think it should stay as separate article. There is quite a clear topical separation here. The "Ad Int." article is specifically about setting up a linux-host to join a AD/Kerbereros Domain. The necessary Samba config is just one part of it, it also talks about kerberos and setting up the PAM config correctly.
Bwid (talk) 17:37, 5 September 2013 (UTC)
Ok, thanks for explaining, let's leave the article like it is, I've also withdrawn my merge requests. -- Kynikos (talk) 10:42, 8 September 2013 (UTC)
Item clarified. Closing. --Indigo (talk) 08:58, 16 July 2016 (UTC)

permissions

I spend hours to try sharing files for guest access in my /home/[user]/Public. Finally I see something from the page Samba/Tips_and_tricks "Note: Make sure the guest also has permission to visit /path, /path/to and /path/to/public". the access to /home/[user] is forbidden for Groups and Others ! So I use /srv/public instead, but this precious information must be write somewhere. Mikhaddo (talk) 14:24, 3 September 2015 (UTC)

smb.conf permissions

Would it be appropriate to change the “cp /etc/samba/smb.conf.default /etc/samba/smb.conf” command in the instructions to “cp -a /etc/samba/smb.conf.default /etc/samba/smb.conf” or otherwise have a note to make sure smb.conf is world-readable? On my setup, a plain cp resulted in permissions of 600, and “net usershare” absolutely refused to work with the unhelpful message “usershares are currently disabled” until I finally discovered that the permissions on the config file were incorrect. TravisE (talk) 07:52, 4 November 2015 (UTC)

Samba automount

Moved from User talk:Indigo, discussion relates to Samba#As_systemd_unit --Indigo (talk) 18:11, 2 March 2016 (UTC)

Hi Indigo,

Thanks for the edit and link to the man page, but I'm still hoping for a more easy solution: '.. It only indicates that the network management stack is up after it has been reached. .. services using the network should hence simply place an After=network.target dependency in their unit files, and avoid any Wants=network.target or even Requires=network.target'.

Is there no other method to check if an network service is started? Or should the Requirement line simple be removed?

Thanks! :) Francoism (talk) 20:34, 29 February 2016 (UTC)

Hi, no problem. There are other methods, but it gets more complicated. So, sorry I am not aware of an easy other method that works with any network management service, let's both have hope :) Network mounts like via samba are susceptible to fail easily, I would not remove Requires= for such (particularly since not everyone uses the listed networkd-online or nm-online). The Requires= actually can be handy as well, because it means you don't need to have the network managemnt started. Once you start mnt-myshare.mount, it would automatically start the Requires= unit. Or, once you stop the required unit, the mount is brought down first. Ok? --Indigo (talk) 21:24, 29 February 2016 (UTC)
I don't know if the Require line is still needed thought, since it already has set network-online as dep.
An issue could occur when using/restart or switching between multiple network services, resulting in (share) connections getting drop or creating multiple connections.
On testing, I didn't found any (share-)disconnect issues resulting in network failures/changing IP's, restarting backends, etc. The share would simple lose it's connections, and restore the connection when it could reach the server again.
Therefore I would recommend of dropping the Require string, since it should not depend on a (single) backend, but simple on the IP-settings.
Let me know your thoughts. :)
Francoism (talk) 11:43, 2 March 2016 (UTC)
Well, if you test it and it works with different backends safely on connect/disconnect, sure - the Requires= is not a pre-requisite for the unit to work. I did not want to dive into the topic, but since you ask: my first thought is that this note is a nuisance. It would be cleaner, if a custom systemd unit mnt-myshare.mount works without any "You may have to enable unit xyz...", no matter what service takes care of the network connection. network-online.target is a systemd standard. I have not followed, if all the major network configuration tools now adjusted to adhere to it so that other units can safely depend on ordering behind it only. If yes I wonder, why systemd-networkd-wait-online.service even exists..
My second thought: the mnt-myshare.mount unit's dependencies should ensure that manual stopping of the connection is not possible, if it is in use (e.g. files open via the share). I don't know if that was part of your test; my expectation to a network share these days is that either the service and protocol (samba, cifs) tries to ensure no data is lost or the unit mounting the share.
My third thought (only now that I look at the Samba#Automatic_mounting section): I would never use the mnt-myshare.mount anyway. Why? Because it will try to find the //server/sharename each time any network connection goes up. Imagine you connect to a public hotel/university w/lan (no samba server you need there), samba starts searching, someone in the public network sniffs the query. Next time you connect to the same hotel/university w/lan a named share may be found, samba tries to connect and with that -oops- your share credentials are over the wire. As is, this is classic information leakage. I would always bind such a automount to a particular network connection, i.e. let it have some sort of pre-authentication. Obviously, this last thought makes the whole thing more complicated again. I would not say that the unit must reflect it, but maybe a general warning is a sensible thing to add.
tl;dr: If you tested it and it works without Requires= for other network services than those mentioned in the note, fine with me to remove it. I am not using samba with a systemd installation currently, so I cannot give it a try.
--Indigo (talk) 18:20, 2 March 2016 (UTC)

Server Configuration - Creating a Share

I have a question regarding what are we supposed to understand with the sentence at [[[3]]]:

On Windows side, be sure to change smb.conf to the in-use Windows Workgroup (default: WORKGROUP).

From my point of view this means that the Workgroup on 'smb.conf' should be the same as the workgroup used on Windows and nothing needs to be changed on any Windows Machine. If that is the case, could we rephrase that as:

Also remember to change smb.conf to the in-use Windows Workgroup (default: WORKGROUP).

Or did I miss something here?

-- Gabriel B. Casella (talk) 19:46, 26 July 2016 (UTC)

Yeah the current phrasing is definitely weird. How about:
The 'workgroup' specified in smb.conf has to match the in use Windows workgroup (default: WORKGROUP).
Larivact (talk) 06:40, 27 July 2016 (UTC)