2025-02-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how to configure Samba on Linux.
Samba is very powerful. Once Samba is running on a Linux server, the machine acts as a file and print server, providing file and print services to Windows and Linux Samba clients.
Samba protocol foundation
After NetBIOS appeared, Microsoft used it to implement a network file and print service system. This system defines a file sharing protocol based on NetBIOS, which Microsoft calls the SMB (Server Message Block) protocol. Microsoft uses this protocol in its LAN Manager and Windows NT server systems to share printers, serial ports, and communication abstractions (such as named pipes and mail slots) between computers.
With the popularity of the Internet, Microsoft hoped to extend this protocol to the Internet and make it a standard for computers on the Internet to share data with each other. So it reorganized the original, sparsely documented SMB protocol, renamed it CIFS (Common Internet File System), and intended to separate it from NetBIOS in an attempt to make it a standard Internet protocol.
Therefore, the best way to integrate Windows and Unix computers is to install software that supports the SMB/CIFS protocol on the Unix computer, so that Windows clients need no changes to their settings and can use resources on the Unix computer just as they use a Windows NT server. Samba is software that implements SMB. It works by running NetBIOS (the protocol behind the Windows 95 Network Neighborhood) and SMB (Server Message Block) over TCP/IP, and uses Windows's NetBEUI protocol so that Unix computers can be seen by Windows computers in Network Neighborhood. Its functions are:
1. Share Linux disks with Win95/NT
2. Share Win95/NT disks with the Linux machine
3. Share the Linux printer with Win95/NT
4. Share the Win95/NT printer with the Linux machine
At the same time, its file service is more capable than that of NT systems: it offered users disk space limits before Windows 2000 did.
Configuration of Samba
At the time of this writing, the version of Samba is 2.2.2; you can get the latest rpm installation package if you need it. Then run rpm -Uvh samba-2.2.2-20011013.i386.rpm to install or upgrade it. After installation you will find the directory /etc/samba, which holds the files related to Samba; the most important is smb.conf. The configuration options are described below, following the configuration file:
Global settings:
Workgroup = MYGROUP
Defines the workgroup in which the Samba server is located, or the domain if security = domain is set below.
Server string = MY Samba Server
Sets the description of the machine, which appears as the comment when the server is viewed through Network Neighborhood. Samba variables can be used here. The variables defined by Samba are:
%S = current service name (if any)
%P = root directory of the current service (if any)
%u = user name of the current service (if any)
%g = primary group of the current service's user
%U = user name of the current session
%G = primary group of the user in the current session
%H = home directory of the user for the current service
%v = version number of the Samba service
%h = hostname of the machine running the Samba service
%m = NETBIOS name of the client
%L = NETBIOS name of the server
%M = hostname of the client
%N = NIS server name
%p = home directory of the NIS service
%R = protocol level in use (values can be CORE, COREPLUS, LANMAN1, LANMAN2, NT1)
%d = process ID of the current server process
%a = architecture of the client (only a few are recognized: Samba, WfWg, WinNT, Win95)
%I = IP address of the client
%T = current date and time
Hosts allow = network or host
Here you can set the networks and host IP addresses that are allowed to connect. For example, to allow 192.168.1.0/24 and 192.168.2.1/32, use hosts allow = 192.168.1. 192.168.2.1 127.0.0.1 (note the trailing "." after a network prefix, separate the items with spaces, and remember to include the local machine).
Printcap name = printcapFile
Reads the printer descriptions from the file printcapFile (usually /etc/printcap)
Load printers = yes | no
Sets whether printers are shared automatically, without configuring them in the [printers] section below
Printing = PrintSystemType
Define the type of printing system. The default is lprng. Options are: bsd, sysv, plp, lprng, aix, hpux, qnx.
Guest account = pcguest
Defines the guest account. You need to add this account to /etc/passwd, otherwise the default nobody is used
Log file = LogFileName
Defines the location of the log file LogFileName (usually /var/log/samba/%m.log)
Max log size = size
Defines the maximum size of the log file (in KB; 0 means unlimited)
Security = security_level
Defines the security level of Samba. There are four levels, from low to high: share, user, server, domain. The corresponding verification methods are as follows:
share: no security; any user can access resources on the server without a user name and password.
user: Samba's default configuration; users must provide a user name and password for authentication before accessing a shared resource.
server: similar to user, but the user name and password are submitted to another server, such as an NT server, for verification. If the submission fails, Samba falls back to the user security level.
domain: requires a Windows primary domain controller on the network; Samba submits the user name and password to it for verification.
The latter three security levels also require the user to have a system account on this Linux machine; otherwise access is not possible.
Password server =
Must be set when security above is set to server or domain.
Password level = n
This exists for some SMB clients such as OS/2. When sending a user's password, such a system converts it to uppercase first, so it no longer matches the password known to Samba. This parameter sets the number of uppercase letters allowed in the password; Samba recombines the case of the received password up to this number and tries each result when verifying. The larger n is, the more combinations there are, the longer validation takes, and the lower the security. For example, if the user's password is abcd but it is sent as ABCD, Samba recombines the upper and lower case of ABCD. The combined results can be: Abcd, aBcd, abCd, abcD, abcd, ABcd, AbCd, AbcD, aBCd, aBcD, abCD.
So unless it is necessary, set n to zero. In that case Samba tries only twice: once with the password as received and once with the password in lowercase.
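The case expansion described for password level, as an added example that is not part of the original article or Samba's source code. It models the behaviour as the text describes it (received password, lowercase form, then up to n letters uppercased); the function names are hypothetical.

```python
from itertools import combinations
from math import comb


def candidates(received, level):
    """Passwords tried for one received password at 'password level = level'.

    Model of the behaviour described in the text (an assumption, not Samba's
    code): the received string, its lowercase form, then the lowercase form
    with every choice of 1..level letters uppercased.
    """
    base = received.lower()
    # Only ASCII letters can change case; digits and symbols add no variants.
    letters = [i for i, ch in enumerate(base) if ch.isascii() and ch.islower()]
    tried = [received]
    if base != received:
        tried.append(base)
    for k in range(1, min(level, len(letters)) + 1):
        for positions in combinations(letters, k):
            chars = list(base)
            for i in positions:
                chars[i] = chars[i].upper()
            variant = "".join(chars)
            if variant not in tried:
                tried.append(variant)
    return tried


def worst_case(length, level):
    """Number of case variants of an all-letter password of this length."""
    return sum(comb(length, k) for k in range(min(level, length) + 1))


if __name__ == "__main__":
    # Constructed inputs: the article's abcd/ABCD case, then growth with n.
    print(candidates("ABCD", 0))
    print(candidates("ABCD", 2))
    for n in (0, 2, 4, 8):
        print(f"8-letter password, password level = {n}: "
              f"{worst_case(8, n)} variants per attempt")
```

Each variant is a separate verification on the server, so every client attempt costs more and matches more stored passwords as n grows, which is why the text recommends n = 0.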
Username level = n
This does the same for the user name; it works like password level above.
Encrypt passwords = yes | no
Sets whether passwords are encrypted. Samba has its own password file, /etc/samba/smbpasswd. If passwords are not encrypted, the plaintext password is passed between the client and the server during the authentication session, and Samba verifies it directly against the /etc/samba/smbpasswd password file on Linux. However, Windows 95 OSR2 and later, and Windows NT SP3 and later, do not send plaintext passwords by default. To make these systems send plaintext passwords you must change their registry, which is troublesome. A better approach is to set this switch to yes.
Smb passwd file = smbPasswordFile
Sets the file smbPasswordFile (usually /etc/samba/smbpasswd) in which the Samba user passwords are stored.
Ssl CA certFile = sslFile
When Samba is compiled with SSL support, you need to specify the location of the SSL CA certificate file (usually /usr/share/ssl/certs/ca-bundle.crt).
Unix password sync = yes | no
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
These three settings determine whether the user's Unix system password can be changed from a Windows application.
Username map = UsermapFile
Specifies the user mapping file (usually /etc/samba/smbusers). For example, if the file contains the line root = administrator admin, a client that connects as the user admin or administrator is treated as the user root.
Include = MachineConfFile
Specifies that different configuration files (MachineConfFile) are used for connections from different machines. For flexible management, /etc/samba/smb.conf.%m is generally used: thanks to the Samba variable, tying the configuration file to the NETBIOS name of the client lets you easily control the permissions and settings of each client.
Socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
These are network socket parameters used to tune file transfer performance. Related options include SO_KEEPALIVE, SO_REUSEADDR, SO_BROADCAST, IPTOS_LOWDELAY, IPTOS_THROUGHPUT, SO_SNDLOWAT (*) and SO_RCVLOWAT (*); those marked with * require a value. Generally speaking, if you are on a local network you will only use IPTOS_LOWDELAY. If you have a local network you can also use IPTOS_LOWDELAY TCP_NODELAY. On a wide area network, try IPTOS_THROUGHPUT.
Interfaces = interface1 interface2
If there are multiple network interfaces, you must specify them here. For example, interfaces = 192.168.12.2/24 192.168.13.2/24
Remote browse sync = host (subnet)
Specifies where to obtain browse list synchronization information: either a host (for example, 192.168.3.25) or an entire subnet (192.168.5.255).
Here's an explanation of what Browse is:
In the SMB protocol, to access network resources, computers need to know the list of resources that exist on the network (for example, viewing accessible computers in Network Neighborhood under Windows). This mechanism is called Browse. Although broadcast is often used in the SMB protocol, using broadcast every time to learn the current network resources (including the computers providing services and the service resources on each computer) would consume a lot of network resources and make searches slow. It is therefore better to maintain a list of network resources in the network to facilitate lookups, and to search for resources again only when necessary, such as with the Find Computer feature under Windows.
However, not every computer needs to maintain the entire resource list. Maintaining the current resource list is the job of a few special computers on the network, called Browsers, which record the resources on the network by recording broadcast data or querying name servers.
A Browser is not a pre-designated computer; it is chosen by automatic election among ordinary computers. Different computers can be given different weights in the election according to their ability to provide services. To keep network browsing working when a Browser goes down, a network often has several Browsers, one of which is the primary Browser (Master Browser) while the others are backup Browsers.
Remote announce = host (subnet)
Specifies the hosts or subnets to which the server announces itself, rather than waiting for a Browser to obtain the information.
Local master = yes | no
This parameter specifies whether nmbd attempts to become the local master browser. The default is yes. If set to no, the Samba server will never become the local master browser. Even with yes, the Samba server is not guaranteed to become the local master browser; it merely takes part in the election.
Os level = n
n is an integer that determines whether nmbd has a chance of becoming the local master browser for the workgroup in the local broadcast area. The default value is zero, which means nmbd loses browser elections. To give nmbd a better chance of becoming the local master browser, set it to 65.
Domain master = yes | no
This parameter makes nmbd a domain master browser: it collects the browse list of each local master browser and distributes the browse list of the entire domain to each of them.
Preferred master = yes | no
This parameter specifies whether nmbd is the preferred master browser in the workgroup. If set to yes, nmbd forces a browser election at startup.
Domain master and local master
The concepts of workgroup and domain serve the same purpose when browsing: both are used to distinguish and maintain multiple computers in the same set of browsing data. Their real difference lies in the authentication mode. Each computer in a workgroup is essentially independent and authenticates client access on its own, whereas a domain has one (or several) domain controllers that hold authentication information valid for the whole domain, including that of users and of member computers. Browsing data requires no authentication information. Microsoft expanded the workgroup into the domain simply to form a hierarchical directory structure, combining the original browsing with directory services as a strategy to expand the scope of Microsoft network services.
Workgroups and domains can span multiple subnets, so there are two types of Browser in the network. The Domain Master Browser maintains browsing data for the entire workgroup or domain; the Local Master Browser maintains browsing data for its own subnet and communicates with the Domain Master Browser to obtain all browsable data. The two are separated mainly because browsing data relies on local broadcast to obtain the resource list, so resource lists can only be exchanged between subnets through communication between browsers.
However, in order to browse the resources of multiple subnets, you must use the parsing method of the NBNS name server. Without the help of NBNS, the computer will not be able to get the NetBIOS name of the computer outside the subnet. Local Master Browser also needs to query the NetBIOS name server to get the name of Domain Master Browser to exchange network resource information with each other.
Because of the particularity of the domain controller in the domain, the domain controller tends to be used as the Browser, and the primary domain controller should be used as the Domain Master Browser.
Preserve case = yes | no
Short preserve case = yes | no
Specifies to keep case when copying DOS files. Default is no.
Default case = lower | upper
Whether DOS file names are all uppercase or all lowercase by default
Case sensitive = yes | no
Whether file names are case-sensitive; usually no, otherwise there will be some problems.
Shared settings:
Shared resources:
Each SMB server can provide file or print services, and each shared resource needs a share name, which is displayed in the server's resource list. If the last character of a resource name is $, the share is hidden: it is not shown in the browse list and can only be reached by accessing that name directly. In the SMB protocol, a client must use the hidden resource name IPC$ to obtain the list of resources a server provides; otherwise it cannot get the list of system resources.
There is one unusual section in the share settings:
[homes]. This section generally has no specific content such as path in the smb.conf file. When a client makes a service request, Samba first looks for a service with that specific name in the other sections of smb.conf. If no such service is found and the homes section is present, it searches the password file for the user's home directory. Through the homes section, Samba can obtain the user's home directory and share it. Here are the most basic settings for this section.
[homes]
    comment = Home Directory
    browseable = no
    writable = yes
A more ordinary share configuration is as follows:
[MyShare]
    comment = grind's file
    path = /home/grind
    allow hosts = host (subnet)
    deny hosts = host (subnet)
    writable = yes | no
    user = user (@group)
    valid users = user (@group)
    invalid users = user (@group)
    read list = user (@group)
    write list = user (@group)
    admin list = user (@group)
    public = yes | no
    hide dot files = yes | no
    create mode = 0755
    directory mode = 0755
    sync always = yes | no
    short preserve case = yes | no
    preserve case = yes | no
    case sensitive = yes | no
    mangle case = yes | no
    default case = upper | lower
    force user = grind
    wide links = yes | no
    max connections = 100
    delete readonly = yes | no
The MyShare in [] specifies the share name, which is usually the name of the folder that can be seen in the network neighbor.
Comment is the descriptive comment for the share.
Path specifies the path of the share and can use Samba variables. For example, with path = /data/%m, a machine whose NETBIOS name is grind is taken to the /data/grind directory when it accesses the MyShare share, and a machine named glass to the /data/glass directory.
Allow hosts and deny hosts work the same way as in the global settings above, so they are not repeated here.
Writeable specifies whether this directory is writable by default; you can also set this with readonly = no.
User lists all users who may use the shared resource; @group stands for all members of the group named group. Separate items with spaces or commas.
Valid users specifies the users and groups that can use the shared resource.
Invalid users specifies users and groups that cannot use the shared resource.
Read list specifies users and groups that can only read the shared resource.
Write list specifies the users and groups that can read and write to the shared resource.
Admin list specifies the users and groups that can manage the shared resource, including read and write, permission grant, and so on.
Public indicates whether the shared resource can be accessed with the guest account. This switch is sometimes called guest ok, so guest ok = yes in some configuration files is the same as public = yes.
Hide dot files indicates whether files whose names begin with "." are hidden, as on Unix.
Create mode specifies the permissions of newly created files, usually 0755.
Directory mode specifies the permissions of newly created directories, usually 0755.
Sync always indicates whether to synchronize after writing to the shared resource.
Short preserve case indicates that the file name is case-sensitive.
Preserve case indicates that case is maintained.
Case sensitive indicates whether it is case-sensitive, generally choosing no, otherwise it may cause errors.
Mangle case indicates mixed case.
Default case indicates whether the default file name is all uppercase or lowercase.
Force user forces the owner of newly created files. If a directory is writable by guest, then guest can also delete files in it; if force user = grind forces the owner of the files to be grind and create mask is limited to 0755, guest cannot delete them.
Wide links indicates whether symbolic links that point outside the share are followed. For example, a shared resource may contain a link that points to a file or directory in a non-shared location. Setting wide links = no makes such a link unusable.
Max connections = n sets the number of simultaneous connections to n.
Delete readonly indicates whether files that have been defined as read-only in the shared resource can be deleted.
There are two special types of share: the optical drive and the printer.
Shared settings for the optical drive:
[cdrom]
    comment = grind's cdrom
    path = /mnt/cdrom
    public = yes
    browseable = yes
    root preexec = /bin/mount -t iso9660 /dev/cd0 /mnt/cdrom
    root postexec = /bin/umount /mnt/cdrom
Here root preexec means that the mount command is run as root when a client connects, and root postexec means that umount is run as root when it disconnects, which is how the CD-ROM drive is shared.
Settings for printer sharing:
[printers]
    path = /var/spool/samba
    writeable = no
    guest ok = yes
    printable = yes
    printer driver = HP LaserJet 5L
Here printable indicates that the share can be printed to, guest ok indicates that guests can also print, and path indicates that queued print files are stored temporarily in the /var/spool/samba directory. Printer driver specifies the printer type so that the driver can be installed automatically, without having to select it, when the network printer is installed on a client.
Add a user:
Adding users to Samba is convenient. It is generally done with smbadduser, whose usage is smbadduser unixid:netid. For example, if you have a local user named grind and run smbadduser grind:grind, the user name is grind when accessing from Network Neighborhood; if you run smbadduser grind:glass, the user name to supply from Network Neighborhood is glass instead of grind.
These are the basic settings for the Samba server. I think they cover almost everything needed in general use, so some unimportant ones are omitted. For more detailed information, see man smb.conf.
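A small checker for the exposure-related settings covered above: security, encrypt passwords, password level, hosts allow, guest-writable shares, wide links, and root preexec on guest shares. This is an added example, not code from the original article or the Samba project; the sample configuration and the function names are constructed for illustration.

```python
# Added example, not the article's code; SAMPLE_CONF is constructed.
SAMPLE_CONF = """\
[global]
   security = share
   encrypt passwords = no
   password level = 4
[homes]
   browseable = no
   writable = yes
[MyShare]
   public = yes
   writable = yes
   wide links = yes
[cdrom]
   guest ok = yes
   root preexec = /bin/mount -t iso9660 /dev/cd0 /mnt/cdrom
"""

# Synonyms mentioned in the article, folded into one canonical name each.
SYNONYMS = {"public": "guest ok", "writeable": "writable",
            "allow hosts": "hosts allow"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lowercased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections


def is_yes(value):
    """Samba boolean: yes, true and 1 mean enabled."""
    return value.strip().lower() in ("yes", "true", "1")


def audit(text):
    """Return sorted (section, parameter, reason); unset values are not judged,
    except a missing global hosts allow."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    found = []
    if glob.get("security", "").lower() == "share":
        found.append(("global", "security", "no user name or password needed"))
    if not is_yes(glob.get("encrypt passwords", "yes")):
        found.append(("global", "encrypt passwords", "plaintext passwords sent"))
    level = glob.get("password level", "0")
    if level.isdigit() and int(level) > 0:
        found.append(("global", "password level", "extra case variants tried"))
    if "hosts allow" not in glob:
        found.append(("global", "hosts allow", "no client address restriction"))
    for name, share in conf.items():
        if name == "global":
            continue
        guest = is_yes(share.get("guest ok", "no"))
        if guest and is_yes(share.get("writable", "no")):
            found.append((name, "guest ok", "guest account can write here"))
        if is_yes(share.get("wide links", "no")):
            found.append((name, "wide links", "symlinks may leave the share"))
        if guest and "root preexec" in share:
            found.append((name, "root preexec", "guest connect runs a root command"))
    return sorted(found)


if __name__ == "__main__":
    for section, param, reason in audit(SAMPLE_CONF):
        print(f"[{section}] {param}: {reason}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/samba/smb.conf").read()).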
3. mf_wrapper is a magic filter file that is related to some filtering rules. The content is as follows:
MF_RULE_DIR='/usr/share/printconf/mf_rules'
MF_RULES=$MF_RULE_DIR/mf[[]][[]]-*
TMP_FILE=`mktemp /tmp/printconf.XXXXXX` || exit 1
cat ./mf.cfg $MF_RULES | m4 > $TMP_FILE
if [ -n "$DEBUG" ]; then
    case "$DEBUG" in
    2)
        DEBUGSTRING="--debug --debug";;
    3)
        DEBUGSTRING="--debug --debug --debug";;
    4)
        DEBUGSTRING="--debug --debug";;
    5)
        DEBUGSTRING="--debug --debug";;
    6)
        DEBUGSTRING="--debug";;
    esac
else
    DEBUGSTRING=""
fi
# Run magicfilter
/usr/bin/magicfilter -t $TMP_FILE $DEBUGSTRING $*
The subsequent operations are the same as with the ftp command: download files with get, upload files with put, and view the available commands with help.
Another way is to use the file system approach. This requires smbfs support in your kernel; if it is missing, you must select File systems ---> Network File Systems ---> SMB file system support (to mount Windows shares etc.) when compiling the kernel:
smbmount //IP-or-NETBIOS-name/shared-resource-name /local-mount-point [-o option]
The commonly used options are username=, password=, guest (access as guest without providing a password; a password is still requested if you use username=guest instead), ro (read-only mode, sometimes specified for system security), and rw. Multiple options are separated by commas.
Alternatively, mount -t smbfs [-o option] //IP-or-NETBIOS-name/shared-resource-name /local-mount-point achieves the same result.
Examples are as follows:
smbmount //glass/littlep /test -o guest or mount -t smbfs -o guest //glass/littlep /test; you can then use the network resources by accessing /test.
When you no longer need it, simply run smbumount /test or umount /test to unmount it.