Samba - first steps. Creating a home network using Samba for devices running Windows, Linux, Android OS Samba Service

Nowadays, it is quite common to find computers running Linux and Windows on the same local network. The reasons for this symbiosis can be different: for example, the owners of an Internet cafe did not have enough funds to purchase a licensed OS for all computers, or a system administrator was simply hired positive sides Linux. The popularity of Microsoft operating systems is largely determined by client software for Windows. It's no secret that this sector software very developed. Many companies have made serious efforts to this and have created really good, and most importantly, easy-to-use programs that even an ordinary user can easily master. But as a server, Windows’ position is no longer so clear. A server running Unix is ​​traditionally characterized by reliability, stable operation, security and often lower requirements for system resources. But in any case, simply connecting computers with different software platforms to the network will not get the expected result. The problem is that these two systems use different principles for organizing network resources that are incompatible with each other.
Since there is no need to wait for Microsoft's mercy, and Windows is unlikely to learn to work with the Unix network file system (NFS) using standard means, and, to be honest, I don't know third-party programs, the most popular way is to try to teach Unix to “pretend” that if it were Windows NT.

Interaction in a network of computers running Windows is based on the use of the protocol SMB (Server Message Block)- blocks of server messages. It ensures that all the tasks necessary in these cases are performed: opening and closing, reading and writing, searching for files, creating and deleting directories, setting a print job and deleting it from there. All actions necessary for this are implemented in Unix-like operating systems using the package SAMBA. Its capabilities can be divided into two categories: provision of resources (by which we mean access to the printer system and files) for Windows clients and access to client resources. That is, a computer running Linux can act as both a server and a client. First, let's consider the SAMBA server option.

What should SAMBA provide for normal operation on a network of Windows machines? First, access control, which can be implemented either at the resource level (share level), when a password and corresponding usage rules are assigned to any resource on the network (for example, “read only”), while the user name has absolutely no no meaning; or a more advanced and flexible organization at the user level, when an account is created for each user, which, in addition to the name and password, contains all the necessary information about access rights to the resource. Before gaining access to the required resource, each user is authenticated, after which he is granted rights according to his accounts. Secondly, emulation of access rights determined by the file system is necessary. The thing is that the systems in question have access rights to files and directories on the disk differently. In Unix, there are traditionally three categories of file users: owner, group And the rest (other). Each of these entities may be provided read permissions, write And execution. In Windows NT, the access system is somewhat more flexible; access is granted to several groups or users, and the corresponding access rights are determined separately for each subject. Therefore, it is impossible to fully emulate the access rights inherent in NTFS using SAMBA.

With clients running Windows 9x, the situation is different. Since the time of the grandfather of DOS, due to the fact that the system is single-user and there could be no talk of any users, much less groups, only four attributes have been defined for the FAT file system - read only, system, archive and hidden. Plus, in Windows, unlike Unix, the file extension has a special meaning - those that are intended to be executed have the extensions .exe, .com or .bat. When copying files from Unix machines to computers running Windows control attributes are set like this:

only for reading- reading, writing for the owner;

archival- execution for the owner;

systemic- execution for the group;

hidden - execution for the group.

A network of Windows machines can be organized as a workgroup, when the computers are independent of each other and each has its own database of passwords and logins with its own security policy, and also as an NT domain. The entire basis for user and computer authentication is managed primary domain controller (PDC, Primary Domain Controller), i.e. centralized. Samba allows you to restrict access at all of these levels and acts as a "master browser" in the context of a workgroup or domain controller.

We have sorted out the general organizational issues. Let's now look specifically at the implementation and configuration of a SAMBA server in Linux. For the Samba server to work, two daemons must be running: smbd, which provides a print and file sharing service for Samba clients (such as Windows of all stripes), and nmbd, which powers the NetBIOS name service (it can also be used to query other name service daemons). The protocol is used to access clients TCP/IP. Typically, Samba is installed with a Linux distribution. How to check? Just give the command:

and you should get something like this:

Samba: /usr/sbin/samba /etc/samba /usr/share/man/man7/samba.7.gz

If it is not included in the standard distribution, then welcome to ftp://ftp.samba.org/pub/samba/samba-latest.tar.gz or almost any server with programs for Linux. The package is easy to install, so in order not to take up space, we will assume that you have it installed. Now let's check if the daemon is running:

$ ps -aux | grep smbd root 1122 0.0 0.6 4440 380 ? S 16:36 0:00 smbd -D

As you can see, I already have it running. If you don’t have it, and you want it to start when the system boots, then in Linux Mandrake, for example, check the desired box in DrakConf- starting services or in Red Hat Control-panel- Service Configuration, usually this is enough. Or start manually: ./etc/rc.d/init.d/smb start. The only Samba configuration file is called smb.conf and is usually located in the /etc directory (although in AltLinux, for example, it is in the /etc/samba directory). The SAMBA service reads it every 60 seconds, so changes made to the configuration take effect without rebooting, but do not apply to already established connections.

This is why I love Linux, because the configuration files are plain text (and well commented inside), and in order to use most of the parameters, you just need to uncomment the corresponding line. The smb.conf file is no exception. It consists of named sections starting with the section name enclosed in square brackets. Inside each section there are a number of parameters in the form key=value. The configuration file contains four special sections: , and individual resources (shares). As the name suggests, the section contains the most general characteristics that will apply everywhere, but which, however, can then be overridden in sections for individual resources. Some parameters in this section are also relevant to configuring the Samba client part.

Values ​​of typical section parameters global:

Workgroup = group_name # name of the workgroup on the Windows network netbios name = name of the server on the network server string = comment that is visible in the network browsing properties window guest ok = yes # allowing guest login (guest ok = no - guest login is prohibited) guest account = nobody # name under which guest login is allowed security = user # Access level. user - at the user level, security = share - authentication based on username and password. When storing the password database on another SMB server, the values ​​security = server and password server = name_server_NT are used. If the server is a member of a domain, the value security = domain is used, the access password is specified in the file defined using the smb passwd file = /path/to/file option.

In addition, during registration you can use encrypted and unencrypted (plain-text) passwords. The latter are used in older Windows (Windows for Workgroups, Windows 95 (OSR2), all versions of Windows NT 3.x, Windows NT 4 (up to Service Pack 3)). To enable the option to use an encrypted password, use the encrypt password = yes option. Please pay special attention to this option. On older Linux distributions that were built during the Windows 95 era (and with an older version of Samba), password encryption is disabled by default, and samba before version 2.0 does not support this mode at all (by the way, this option and similar ones - those that do not relate to access to specific resources - are also used in the client).

To correctly display Russian file names, the following options are needed: client code page = 866 and character set = koi8-r. In distributions with good localization, for example, derivatives from Mandrake and Russian ones, this line is already there; sometimes it’s enough just to uncomment it, but in most others you have to add it yourself.

The option interfaces = 192.168.0.1/24 specifies which network (interface) the program should run on if the server is connected to several networks at once. When setting the bind interfaces only = yes parameter, the server will only respond to requests from these networks.

hosts allow = 192.168.1. 192.168.2. 127. - defines clients for whom access to the service is allowed.

In the global section, you can use various variables for more flexible configuration of the server. After the connection is established, real values ​​are substituted instead. For example, in the log file = /var/log/samba/%m.log directive, the %m parameter helps define a separate log file for each client machine. Here are the most common variables used in the global section:

%a - OS architecture on the client machine (possible values ​​- Win95, Win NT, UNKNOWN, etc.);

%m - NetBIOS name of the client computer;

%L - NetBIOS name of the SAMBA server;

%v - SAMBA version;

%I - IP address of the client computer;

%T - date and time;

%u - name of the user working with the service;

%H is the home directory of user %u.

Also, for more flexible configuration, the include directive is used, using the above variables. For example: include = /etc/samba/smb.conf.%m - now when you request sales from a computer and there is a file /etc/samba/smb.conf.sales, the configuration will be taken from this file. If there is no separate file for a particular machine, then a common file is used to work with it.

# sudo vim /etc/samba/sambacreds username=proft password=1 username=noboy password=

Set the access rights to 0600

Sudo chmod 0600 /etc/samba/sambacreds

New mount line

Mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101

And an example for /etc/fstab

//192.168.24.101/public /home/proft/shares/public cifs noauto,username=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101 0 0

You can open the resource in the Nautilus/Nemo/etc file manager using this path smb://192.268.24.101.

If Nemo writes Nemo cannot handle "smb" locations. it means the package is missing gvfs-smb.

Access to the server with Windows and Android client

Under Windows, you can find out the workgroup from the console using

Net config workstation

You can open resources on a remote machine by typing the UNC address in the Explorer line or in Run (Start - Run): \192.168.24.101 .

On Android you can connect to the server using ES File Explorer, on the Network tab, add a server, simply by IP (without specifying the scheme, smb). After which you can open the shared resources. For statistics: an HDRIP movie runs without any slowdown.

Additional reading

Or maybe it’s just interest and curiosity that push users to search for various suitable software. Samba is one such software. You need to know how to set up Samba on Ubuntu Server if you want to turn your computer into a database or file storage.

Installing Samba on Ubuntu Server allows you to create a database.

If you thought that the page was dedicated to learning dance, you were slightly mistaken. Samba is free software. It provides access to printers and files. And it does this on various operating systems.

What is it for?

In comparison with other software packages for similar purposes, Samba has several advantages and features.

• Allows you to connect a Unix-like system, i.e., any Linux and Windows system, to each other. And not only Windows. The program is very “omnivorous”: MacOS, Solaris and other operating systems of varying degrees of popularity.
• Samba allows Windows users to use Ubuntu computers as a server. That is, use the files to which access has been established, as well as some of the connected devices.
• Supports the NT Domain domain structure, manages NT users, supports member and primary controller functions.

Probably, for many, the main thing from this is communication with Windows machines. In this case, they act as a client, and the Ubuntu computer acts as a server. On the other hand, an Ubuntu user can also access Windows network folders.

Samba has been produced since 1992. And, most importantly, new versions are still being released. The latter was released on March 7, 2017. Every year, developers try to establish compatibility with a large number of different versions of operating systems, but the main feature remains the connection of Linux systems with Microsoft. Compared to Windows Server, Samba may be inferior to it due to the lack of support for some protocols and host infrastructure. However, many argue that the speed of Samba is much higher.

Setting up Samba

Before setting up, the program must be installed. Installing Samba is done in the same way as with other programs - by entering the command into the terminal:

sudo apt-get install samba

Please note right away: all the steps that will be described, including installing the program, can be performed both on simple Ubuntu and on Ubuntu Server. Only the latter has an exclusively text interface available.

After installation, you should make a backup of the configuration file:

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

$ sudo vi /etc/samba/smb.conf

Or we edit an existing one. This file contains the basic settings of the Samba server. To figure out what we'll do next, we need to understand what the different lines mean.

• Workgroup - working group. The value of this parameter will also often be Workgroup, since in Windows the default workgroup domain looks like this.
• Netbios name is the name of the Ubuntu computer as seen by Windows users. Here you can enter the value at your discretion.
• Security - user authorization mode. The default is User, that is, authentication at the user level. For now, it's best to leave it that way.
• Os level - indicates the priority that Samba has over other clients (PCs) on the local or Internet network.
• Name resolve order - order of IP address resolution by NetBIOS name.
• Read only - privilege to read or write a directory. The value can be “yes” - read only, “no” - write.

Create a user

This is the simplest action with which you can start working with Samba.

Add a user in the OS itself:

$ useradd -M -l -s /sbin/nologin username

Let's create a password for it:

Let's add our user to the Samba database:

$ smbpasswd -a username

You can perform various other actions using the $ smbpasswd command:

• $ smbpasswd username - change password
• $ smbpasswd -x username - delete a user
• $ smbpasswd -d username - ban user

The server must be rebooted if you make changes to the configuration file. This is done using the command:

$ systemctl restart smb

These are the basic Samba settings. Now you can try to put the program into practice.

Folder access

First, let's try to create a folder that will be accessible to all users, even those who are not authorized in Samba.

We create a folder with which we will then work on two computers:

$ sudo mkdir -p /samba/access

Now we are making extended access for this folder so that any client of ours can open it local network:

$cd/samba
$ sudo chmod -R 0755 access
$ sudo chown -R nobody:nogroup access/

The owner according to the code is nobody.

Now in the server configuration file you need to make two sections: the first one containing basic information:

Workgroup = WORKGROUP
server string = Samba Server %v
netbios name = srvr1
security = user
map to guest = bad user
name resolve order = bcast host
dns proxy = no
#==============
And the second one, containing data about the access folder:

Path = /samba/access
browsable =yes
writable = yes
guest ok = yes
read only = no

The sections follow one after another in the same order.

Update server changes:

$ sudo service smbd restart

Actions with a Windows computer

On Windows, you also need to perform some steps so that you can easily open a new shared folder and edit it.

1. Open the command line. It is advisable to do this with extended rights, i.e. as an administrator.
2. We execute the command:
3. notepad C:\Windows\System32\drivers\etc\hosts
4. A file opens in which we enter the following line:
5. 168.0.1 srvr1.domain.com srvr1
   Thanks to it, the folder will become accessible.
6. You can open it using the “Run” line. Press Win + R, enter: After this, a folder will open for us.

Closed folder

A configured Samba server can also be used to create network folders with limited access. Such a folder must also be created first and then added to the Samba configuration.

Let's make a folder called "Closed":

$ sudo mkdir -p /samba/allaccess/closed

Let's create a special group that can have access to this folder:

$ sudo addgroup securedgroup

We create special rights for different groups:

$ cd /samba/access
$ sudo chown -R richard:securedgroup closed
$ sudo chmod -R 0770 closed/

Just as in the case of an open folder, we add information to the configuration:

Path = /samba/access/closed
valid users = @securegroup
guest ok = no
writable = yes
browsable = yes

We restart the server.

As you can understand, we created a Closed folder inside Access. Thus, Access can be opened by every user on the local network, but in order to view and edit Closed, you need to have special rights.

To make sure that everything works exactly as we specified in the batch file, you can perform a few simple steps.

Nowadays, it is quite common to find computers running Linux and Windows on the same local network. The reasons for this symbiosis may be different: for example, the owners of an Internet cafe did not have enough funds to purchase a licensed OS for all computers, or system administrator I was simply attracted to the positive aspects of Linux. The popularity of Microsoft operating systems is largely determined by client software for Windows. It's no secret that this software sector is very developed. Many companies have made serious efforts to this and have created really good, and most importantly, easy-to-use programs that even an ordinary user can easily master. But as a server, Windows’ position is no longer so clear. A server running Unix is ​​traditionally characterized by reliability, stable operation, security and often lower requirements for system resources. But in any case, simply connecting computers with different software platforms to the network will not get the expected result. The problem is that these two systems use different principles for organizing network resources that are incompatible with each other.
Since there is no need to wait for Microsoft's mercy, and Windows is unlikely to learn to work with the Unix network file system (NFS) standard means, and to be honest, I don’t know any third-party programs, the most popular way is to try to teach Unix to “pretend” that it is Windows NT.

Interaction in a network of computers running Windows is based on the use of the protocol SMB (Server Message Block)— blocks of server messages. It ensures that all the tasks necessary in these cases are performed: opening and closing, reading and writing, searching for files, creating and deleting directories, setting a print job and deleting it from there. All actions necessary for this are implemented in Unix-like operating systems using the package SAMBA. Its capabilities can be divided into two categories: provision of resources (by which we mean access to the printer system and files) for Windows clients and access to client resources. That is, a computer running Linux can act as both a server and a client. First, let's consider the SAMBA server option.

What should SAMBA provide for normal operation of Windows machines on a network? First, access control, which can be implemented either at the resource level (share level), when a password and corresponding usage rules are assigned to any resource on the network (for example, “read only”), while the user name has absolutely no no meaning; or a more advanced and flexible organization at the user level, when an account is created for each user, which, in addition to the name and password, contains all the necessary information about access rights to the resource. Before gaining access to the required resource, each user is authenticated, after which he is granted rights according to his accounts. Secondly, emulation of access rights determined by the file system is necessary. The thing is that the systems in question have access rights to files and directories on the disk differently. In Unix, there are traditionally three categories of file users: owner, group And the rest (other). Each of these entities may be provided read permissions, write And execution. In Windows NT, the access system is somewhat more flexible; access is granted to several groups or users, and the corresponding access rights are determined separately for each subject. Therefore, it is impossible to fully emulate the access rights inherent in NTFS using SAMBA.

With clients running Windows 9x, the situation is different. Since the time of the grandfather of DOS, due to the fact that the system is single-user and there could be no talk of any users, much less groups, for the file FAT systems Only four attributes are defined − read only, system, archive and hidden. Plus, in Windows, unlike Unix, the file extension has a special meaning - those that are intended to be executed have the extensions .exe, .com or .bat. When copying files from Unix machines to Windows computers, the attributes are set like this:

only for reading— reading, writing for the owner;

archival— execution for the owner;

systemic— execution for the group;

hidden - execution for the group.

A network of Windows machines can be organized as a workgroup, when the computers are independent of each other and each has its own database of passwords and logins with its own security policy, and also as an NT domain. The entire basis for user and computer authentication is managed primary domain controller (PDC, Primary Domain Controller), i.e. centralized. Samba allows you to restrict access at all of these levels and acts as a "master browser" in the context of a workgroup or domain controller.

We have sorted out the general organizational issues. Let's now look specifically at the implementation and configuration of a SAMBA server in Linux. For the Samba server to work, two daemons must be running: smbd, which provides a print and file sharing service for Samba clients (such as Windows of all stripes), and nmbd, which powers the NetBIOS name service (it can also be used to query other name service daemons). The protocol is used to access clients TCP/IP. Typically, Samba is installed with a Linux distribution. How to check? Just give the command:

$whereis samba

and you should get something like this:

Samba: /usr/sbin/samba /etc/samba /usr/share/man/man7/samba.7.gz

If it is not included in the standard distribution, then welcome to ftp://ftp.samba.org/pub/samba/samba-latest.tar.gz or almost any server with programs for Linux. The package is easy to install, so in order not to take up space, we will assume that you have it installed. Now let's check if the daemon is running:

$ ps -aux | grep smbd root 1122 0.0 0.6 4440 380 ? S 16:36 0:00 smbd -D

As you can see, I already have it running. If you don’t have it, and you want it to start when the system boots, then in Linux Mandrake, for example, check the desired box in DrakConf— starting services or in Red Hat Control-panel— Service Configuration, usually this is enough. Or start manually: ./etc/rc.d/init.d/smb start. The only Samba configuration file is called smb.conf and is usually located in the /etc directory (although in AltLinux, for example, it is in the /etc/samba directory). The SAMBA service reads it every 60 seconds, so changes made to the configuration take effect without rebooting, but do not apply to already established connections.

This is why I love Linux, because the configuration files are plain text (and well commented inside), and in order to use most of the parameters, you just need to uncomment the corresponding line. The smb.conf file is no exception. It consists of named sections starting with the section name enclosed in square brackets. Inside each section there are a number of parameters in the form key=value. The configuration file contains four special sections: , , and individual resources (shares). As the name suggests, the section contains the most general characteristics that will apply everywhere, but which, however, can then be overridden in sections for individual resources. Some parameters in this section are also relevant to configuring the Samba client part.

Values ​​of typical section parameters global:

Workgroup = group_name # name of the workgroup on the Windows network netbios name = name of the server on the network server string = comment that is visible in the network browsing properties window guest ok = yes # allowing guest login (guest ok = no - guest login is prohibited) guest account = nobody # name under which guest login is allowed security = user # Access level. user - at the user level, security = share - authentication based on username and password. When storing the password database on another SMB server, the values ​​security = server and password server = name_server_NT are used. If the server is a member of a domain, the value security = domain is used, the access password is specified in the file defined using the smb passwd file = /path/to/file option.

In addition, during registration you can use encrypted and unencrypted (plain-text) passwords. The latter are used in older Windows (Windows for Workgroups, Windows 95 (OSR2), all versions of Windows NT 3.x, Windows NT 4 (up to Service Pack 3)). To enable the option to use an encrypted password, use the encrypt password = yes option. Please pay special attention to this option. In older Linux distributions that were created during the Windows 95 era (and beyond), old version Samba) password encryption is disabled by default, and samba is up to version 2.0 does not support this mode at all (by the way, this option and similar ones - those that do not relate to access to specific resources - are also used in the client).

To correctly display Russian file names, the following options are needed: client code page = 866 and character set = koi8-r. In distributions with good localization, for example, derivatives from Mandrake and Russian ones, this line is already there; sometimes it’s enough just to uncomment it, but in most others you have to add it yourself.

The option interfaces = 192.168.0.1/24 specifies which network (interface) the program should run on if the server is connected to several networks at once. When setting the bind interfaces only = yes parameter, the server will only respond to requests from these networks.

hosts allow = 192.168.1. 192.168.2. 127. — defines clients for whom access to the service is allowed.

In the global section, you can use various variables for more flexible configuration of the server. After the connection is established, real values ​​are substituted instead. For example, in the log file = /var/log/samba/%m.log directive, the %m parameter helps define a separate log file for each client machine. Here are the most common variables used in the global section:

%a - OS architecture on the client machine (possible values ​​- Win95, Win NT, UNKNOWN, etc.);

%m — NetBIOS name of the client computer;

%L — NetBIOS name of the SAMBA server;

%v — SAMBA version;

%I — IP address of the client computer;

%T — date and time;

%u is the name of the user working with the service;

%H is the home directory of user %u.

Also, for more flexible configuration, the include directive is used, using the above variables. For example: include = /etc/samba/smb.conf.%m - now when you request sales from a computer and there is a file /etc/samba/smb.conf.sales, the configuration will be taken from this file. If there is no separate file for a particular machine, then a common file is used to work with it.

There is also an interesting possibility creation virtual server . To do this, use the netbios aliases parameter:

Netbios aliases = sales accounting admin

Now we tell Samba to use its own configuration file for each virtual server:

Include = /etc/samba/smb.conf.%L

Three servers will be visible in the network browser window: sales, accounting, admin.

Enabling the preserve case and short preserve case options causes the server to save all input in a case-sensitive manner (on Windows case is not case-sensitive, on all Unix systems it is the other way around).

The section allows users to connect to their working directories without explicitly describing them. When a client requests its //sambaserver/sergej directory, the machine looks for the corresponding description in the file and, if it does not find it, then looks for the presence of this section. If the partition exists, it looks through the password file to find the working directory of the user making the request and, if found, makes it available to the user.

A typical description of this section looks like this:

Comment = Home Directories # comment that is visible in the network properties window browseable = no # determines whether to display the resource in the browse list. writable = yes # allows (no - denies) writing to the home directory create mode = 0750 # access rights for newly created files directory mode = 0775 # also, but only for directories

After configuring the default settings, you can create network resources that can be accessed by a specific user or group of users. Such a resource is created from an already existing directory; for this we write in the file:

Comment = Public Stuff path = /home/samba public = yes writable = no printable = no write list = administrator, @sales

The path parameter points to the directory in which the resource is located; the public parameter specifies whether the resource can be used by a guest, and the printable parameter specifies whether the resource can be used for printing. The write list parameter allows you to define users who are allowed to write to a resource regardless of the writable value (in this example, these are the administrator user and the sales group). It is also possible to use the opposite list - read list. If there is a need to hide some files, then in Unix/Linux the file name must begin with a dot (the hide dot files parameter, which controls the display hidden files, defaults to yes). In addition, it is possible to specify templates for the names of hidden files, for which the hide files parameter is used. Each pattern begins and ends with a forward slash (/) and can contain characters used in regular expressions. For example: hide files = /*.log/??.tmp/. Such tricks cost Windows users just by setting the “Show hidden and system files” mode in Explorer. To confidently limit the availability (the ability to delete) a file (directory), use the veto files and delete veto files parameters.

With CD drives the situation is somewhat more complicated. The thing is that in Unix-like systems there is no concept of a disk as such, and in order to gain access to the desired device, it must first be mounted into a directory tree (# mount -t iso9660 /dev/cdrom /mnt/cdrom) , and after use, so as not to destroy file system, must be unmounted (# umount /dev/cdrom), otherwise the device simply will not give up the disk. If you have a daemon running on your server autofs, then the problem is easily solved. To automatically unmount a device that has been unused for some time, set the timeout parameter in the /etc/auto.master file to the desired value. For example:

/mnt/auto/etc/ --timeout=5

(a similar line is already there, you just need to uncomment it). Then set the options for the appropriate device in the /etc/auto.tab file:

Cdrom -fstype=auto,ro:/dev/cdrom

After all this, we write the following lines in /etc/smb.conf to make this resource available:

Path = /mnt/cdrom writable = no

The second option is to use the preexec and postexec directives, which indicate which commands must be executed when accessing a resource and after disconnecting from it (these parameters can be specified for any resource and even in the global section, which opens up great possibilities).

Path = /mnt/cdrom read only = yes root preexec = mount /mnt/cdrom # Only root has the right to mount a resource root postexec = umount /mnt/cdrom # Naturally, these mount points must be described in the /etc/fstab file, otherwise You must also provide other information.

Now, when accessing a resource, the CD-ROM is automatically mounted, and sometimes unmounted. The whole problem is that the decision to close a resource must be made by the server - clients, as a rule, do not notify about this. But usually this happens because the resource is being used by several users at the same time or is left on one computer open file on this resource (Device busy). Therefore, the CD-ROM is not automatically unmounted; the only acceptable way to free up the resource is to look using the utility smbstatus number of the process using this resource and kill it with the command # kill pid_number (or kill -s HUP pid_number).

Having established the necessary configuration, we will now create user accounts (with the exception of the guest login with minimal rights nobody). To identify SAMBA users, the file /etc/samba/smbpasswd is used, which contains user names and encrypted passwords. Since the encryption mechanism in networks of Windows machines is not compatible with standard Unix mechanisms, a separate utility is used to fill out the password file - smbpasswd.

# useradd -s /bin/false -d /home/samba/sergej -g sales sergej # smbpasswd -a sergej # smbpasswd -e sergej

This example adds a new user sergej belonging to the group sales, with a dummy shell (possible options are /sbin/nologin, /dev/null) and a home directory /home/samba/sergej. Then we create a password for the user sergej and the last step is to enable access for the user, because it is disabled by default. An interesting point that can sometimes be confusing. The fact is that when connecting to a SAMBA server on a computer with Windows NT/2000, the user is prompted to enter, as expected, a login and password, and if a computer with Windows 9x/Me is used for access, then the user is prompted to enter only the password, and The login is generated automatically based on the registration name.

You can also map multiple Windows users to one Linux/Unix user. To do this, a mapping file /etc/smbusers.map is created, in which each mapping is specified as a separate line:

User_Linux = user_win1 user_win2 user_winN

In the section, add the line username map = /etc/smbusers.map. In this case, the Windows user must register with the password of the user with whom he is associated.

Using SAMBA, you can organize network printing from computers running Windows (if you are planning a separate print server, then a machine based on a 486 processor is sufficient for this).

To do this, you need to write the following lines in the section:

Printcap name = /etc/printcap # file describing printers connected to the system load printers = yes # indicates the need for automatic inclusion in the list of network resources printing = lprng # printing system (for Linux bsd can also be used).

Path = /var/spool/samba # points to the directory where print jobs are placed browseable = yes printable = yes read only = yes

After creating the file, test it using the utility testparm. Unfortunately, using this program you can only detect syntax errors, not logical ones, so there is no guarantee that the services described in the file will work correctly (during testing, all settings will be displayed, even those installed by default - so review carefully result). But if the program does not complain, you can hope that the file will be downloaded without problems when launched. Correctness printer operation listed in the /etc/printcap file against the SAMBA server can be checked using the utility testprns. Plus, don’t forget about .log files: if problems arise, you can sometimes find a solution there.

Now a little about the good stuff. Configuring Samba is quite complex, but the distribution comes with a Web-based administration tool called swat(Samba Web Administration Tool, ). Swat is launched as a service or using Apache server and is intended for editing the smb.conf file, as well as for checking the status, starting and stopping Samba daemons, and changing user passwords. For it to work as a service, the /etc/services file must contain the line swat 901/tcp, and the /etc/inetd.conf file must contain swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat (this is if the network daemon is used inetd, usually in older distributions; modern distributions use a more secure option - xinetd). In order to use swat in the /etc/xinet.d directory, create a swat file with the following content:

Service swat ( disable = no port = 901 socket_type = stream wait = no only_from = 127.0.0.1 # this is a line to run only from local machine user = root server = /usr/sbin/swat log_on_failure += USERID )

Now to launch Swat in your browser window, enter:

Http://localhost:901

But before that, be sure to create a user admin in the manner described above. And never run the SAMBA service on behalf of root.

After all the changes to the smb.conf file, you will sometimes need to restart the daemon:

Smb: /etc/rc.d/init.d/smb restart

If after all the above steps it was still not possible to organize access to SAMBA resources, then utilities such as ping(to check the availability of a node on the network), nmblookup(to query NetBIOS names), or as a last resort tcpdump. And don’t forget about access rights, because by assigning the /gde/to/w/glubine directory to the user, you will give him the ability to read (execute right) the previous directories.

Now let's talk about using the Samba client, because we ( Linux users) I also want to work with Windows network resources. To find out what resources are available, you must enter the command /usr/bin/smbclient -L host_name. The program will ask for a password, in response to which in most cases you just need to press Enter. Now, to connect to the required resource, enter the computer name and the required resource. For example:

# /usr/bin/smbclient \\Alex\Sound

(here we are trying to connect to the Sound folder on Alex's computer). As a result, if the command was entered correctly and the network resource exists, you should be prompted to enter a password. Enter it or press Enter if a password is not required for access. In response, you will receive a samba client prompt: smb: >. Further work occurs through a set of commands, with which you can perform all the necessary operations for working with files (copying, creating, moving, etc.). For help, enter smb: > help. This mode is somewhat inconvenient, so in most cases the module is used smbfs, part of samba; but in older distributions the kernel may be compiled without smbfs support, and then it will have to be rebuilt. To mount the required resource, type something like this:

Mount -t smbfs -o username=user,password=123456,iocharset=koi8-r,codepage=866 //alex/sound /mnt/sound.

If you do not specify a username and password, the system will ask you for it. Don't forget that by looking at the ~HOME/.bash_history file, you can find out the password based on the commands you typed. Another subtlety: if the smbclient program correctly displays files with Russian names, then the smbfs module sometimes does not pay absolutely no attention to other encoding, even if you specify it explicitly. They say this can be fixed with a patch, but I haven't found one for my Red Hat yet.

If you want the SMB share to be mounted automatically at system startup, add a line like this to your /etc/fstab file:

//guest@alex/sound /mnt/alex/sound smbfs rw, noauto 0 0.

In this example, on behalf of the user guest(if the resource supports this user and if this user has access only with a password, then do not worry: you will certainly be asked for it) the sound network resource on the alex computer is mounted in the /mnt/alex/sound folder with the ability to write to this directory. By the way, the Samba client perfectly sees hidden network resources, i.e. those whose network name ends with a $ sign.

As you can see, you have to work with the command line, which causes quiet horror for the modern user. And here the OpenSource world met him halfway - many utilities have been created that allow you to work with Samba resources in a more familiar way, by pressing buttons in graphical shells. The most popular program included in the Mandrake distribution and its derivatives, as well as Debian - gnomba. In any case, it can be found on most servers with Linux software (I saw it on ftp://ftp.altlinux.ru/ for sure). This utility allows you to view available network resources () and, if necessary, mount them in the desired directory, while a mounting option is possible by specifying the login and password for those resources that require it. Possible launch file manager when mounted (default gmc), creating directories for mounted resources, setting the option of automatic scanning at program startup (possible using the SMB protocol by default) and scanning by IP addresses (planned using the WINS protocol). For reasons unknown to me, in some distributions, when scanning using the SMB protocol, network resources were not displayed, so I always use the second method, since it works flawlessly, you just need to set the range of IP addresses for scanning (if you know). In order for Russian file names to be displayed correctly, do not forget to install the koi8-r fonts in the tab Options > Font selection, and also check the lines indicating the Cyrillic encoding in the smb.conf file (see above).

If gnomba can only mount and unmount resources, then the program xsmbrowser It also allows you to enter them as folders on the local computer (). True, I have not yet been able to get this program to understand files with Russian names, but there are also positive aspects: when this program is running, all mounting commands and various network requests are output to the console, which allows you to understand them well. The KDE developers also tried: through Preferences > Information utility available Samba Status, displaying all connections to/from local computer, which is also a convenient tool for viewing .log files. The utility provides similar information komba, which can be found at http://linux.tucows.com/().

As much as I would like to tell you more, a magazine is a magazine—you can’t fit everything. Next, the ubiquitous man and info will come to your aid. Also, all the necessary reference information can be obtained from the SWAT utility, and in Red Hat 7.3 there was a book Using Samba Robert"a Eckstein"a(English language - bad, completely free - good: /usr/share/swat/using_samba), also available from SWAT (). Additional documentation, FAQs, and example configuration files can be found in the /usr/share/doc/samba directory. In various forums you can find quite contradictory opinions about the work of Samba, from extremely negative to complete delight. Personally, I'm on the side of those who support this. Windows emulator NT, moreover, according to test results with the same equipment, the Samba server shows performance approximately 25-30% higher than a computer running a system from Microsoft. Good luck.

Sometimes you need to very quickly set up a file share on the server and open access to it. In this case, there is no need to fence in any complex configurations, access rights or anything else. You just need quick access to information without unnecessary questions.

For example, I recently needed something like this to open access to backups, which were stored on the server. I didn’t want to figure it out and look for information myself; I needed to quickly give the person reading access so that he could find everything he needed.

I will not specifically deal with operating system versions. Samba's configs are the same almost everywhere I've worked with them, especially in the simplest configurations.

So, install samba with any in a suitable way for your operating system. The configurations are valid for version 3 of samba. Next we decide what we need:

• access by user and password,
• access by IP address,
• access to everyone without restrictions.

Depending on this, the settings will be slightly different.

For password access draw the following config:

Security = user passdb backend = tdbsam workgroup = MYGROUP server string = Samba path = /mnt/shara valid users = @users force group = users create mask = 0660 directory mask = 0771 writable = yes browseable = yes

# useradd share-user -M -G users -s /sbin/nologin

We import this user into Samba and set the password:

# smbpasswd -a share-user

And we try to go to the ball at the address:

\\server ip\share

To organize access depending on ip address, make the following settings in smb.conf:

Security = share workgroup = MYGROUP server string = Samba map to guest = bad user path = /mnt/files browsable = yes writable = yes guest ok = yes read only = no hosts allow = 192.168.0.171

In this case full access will be at the address 192.168.0.171. To add the entire subnet, you need to specify the following:

Hosts allow = 192.168.0.

You can combine different subnets and addresses, separating them with spaces. In order to disable access to some individual addresses from an allowed subnet, you can do this:

Hosts allow = 192.168.0. except 192.168.0.15

Access will be allowed to the entire subnet 192.168.0.0/24, except for the address 192.168.0.15.

We restart samba and check.

If you have samba 4 installed, then this configuration will not work and you will receive an error:

WARNING: Ignoring invalid value "share" for parameter "security" !}

For IP access to work properly, you need to make the following changes to the above config:

Security = user map to guest = Bad Password

Leave the rest of the parameters the same. After this, access via IP will work on version 4 of Samba.

If access will be provided to everyone without restrictions, then the simplest samba configuration will be like this:

Security = user workgroup = MYGROUP server string = Samba guest account = nobody map to guest = Bad User path = /mnt/files browseable = Yes guest ok = Yes writeable = Yes public = yes

Don't forget to give everyone rights to the folder:

# chmod 0777 /mnt/files

Restart Samba and try to log in. They should let you in without any questions asked.

This is how you can organize a simple file server using samba in just 5 minutes. And often it’s more difficult and it’s not necessary. For some kind of file dump, the latest option is suitable.

For more complex configurations I have separate articles:

Online course on Linux

• Knowledge of Linux architecture.
• Development modern methods and data analysis and processing tools.
• Ability to select a configuration for the required tasks, manage processes and ensure system security.
• Proficient in the basic working tools of a system administrator.
• Understanding of the specifics of deploying, configuring and maintaining networks built on Linux.
• The ability to quickly solve emerging problems and ensure stable and uninterrupted operation of the system.