
Commands executed as root:

Check that samba is installed:

#chkconfig --list | grep smb
smb 0:off 1:off 2:off 3:off 4:off 5:off 6:off

#locate smb | more

If it says it cannot run this command, first run the command below, then try locate again:

#updatedb

If all of the commands above run without problems, everything is OK and you can move on.

Configure samba to start at boot:

#chkconfig --level 345 smb on
#chkconfig --list | grep smb

Find the configuration file:

#locate smb.conf
.
/etc/samba/smb.conf

#cd /etc/samba

First of all, for the existing users to be able to use samba (to connect through samba with user and password), a special password for samba must be created, which is separate from the system password. Use:

#locate smbpasswd
..
/usr/bin/smbpasswd
..
/etc/samba/smbpasswd
/etc/smbpasswd

#smbpasswd

Or

#/usr/bin/smbpasswd -help

If you want the user gigi to be able to connect through samba:

#smbpasswd gigi
**** = gigi
**** = gigi

An entry will then appear in the file /etc/smbpasswd. It must not be edited or modified by hand!

The main configuration file is smb.conf.

Open and edit it with vi /etc/samba/smb.conf or with mc (Midnight Commander).

#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = THENET

# server string is the equivalent of the NT Description field
server string = Server Linux

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
hosts allow = 10.1.1. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; printcap name = /etc/printcap
; load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = cups

# This option tells cups that the data has already been rasterized
cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# all log information in one file
# log file = /var/log/samba/smbd.log

# Put a capping on the size of the log files (in Kb).
max log size = 2000

# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = share
# Use password server option only with security = server
; password server = <NT-Server-Name>

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
interfaces = 10.1.1.1/24

#============================ Share Definitions ==============================
; idmap uid = 16777216-33554431
; idmap gid = 16777216-33554431

; template shell = /bin/false
; winbind use default domain = no
;[homes]
; comment = Home Directories
; browseable = no
; writable = yes

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765

[Kits]
comment = Kituri
path = /home/samba/INFONET
public = yes
writable = no
printable = no

Everything that is not listed above is taken with its default setting.

Two important points:

- if you want a share without user/password, the option security = share must be used
- if you want a share per user/password, use the option security = user

Next, the option public = yes makes the share accessible to everyone. With writable = yes, anyone will be able to write to that share (from the network).

If only a single password is wanted, you can set public = no and only guest = yes, and change the password with smbpasswd guest.

If per-user access is wanted, set security = user and follow the model shown in myshare, listing as valid users the respective users whose password was set with smbpasswd.

Above, the workgroup used is THENET, with the comment = Server Linux. The interface samba applies to is 10.1.1.0/24, and only users coming from 10.1.1.0/24 can access samba (this can also be set from the firewall anyway).
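A small audit of the settings discussed above (security mode, hosts allow, and shares that are both public and writable), as an added example that is not part of the original page. The function names and the [upload] share in the sample are hypothetical; the other sample values are the page's active settings.

```shell
# audit_smb_conf [FILE]: print one finding per line; reads stdin when no file is given.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(v)   { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function report() {
        if (name != "" && tolower(name) != "global" && guest && writable)
            print "share [" name "]: guest access and writable"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[/ {                             # new section: report the previous one
        report()
        name = $0; gsub(/^[ \t]*\[|\].*$/, "", name)
        guest = 0; writable = 0; next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)  # names ignore case and spaces
        val = trim(substr($0, i + 1))
        if (tolower(name) == "global") {
            if (key == "security")   security = tolower(val)
            if (key == "hostsallow") hosts = val
        } else {
            if (key == "public" || key == "guestok") guest = on(val)
            if (key == "writable" || key == "writeable" || key == "writeok") writable = on(val)
            if (key == "readonly") writable = !on(val)
        }
    }
    END {
        report()
        if (security == "share") print "global: security = share, no per-user login"
        if (hosts == "")         print "global: no hosts allow restriction"
    }' "$@"
}
# Constructed sample: active settings from the page plus a hypothetical [upload] share.
sample_conf() {
    cat <<'EOF'
[global]
security = share
hosts allow = 10.1.1. 127.
[Kits]
public = yes
writable = no
[upload]
public = yes
writable = yes
EOF
}
sample_conf | audit_smb_conf
```

To check the real file, run audit_smb_conf /etc/samba/smb.conf.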

To start/restart samba:

/etc/init.d/smb start
/etc/init.d/smb restart

(/etc/init.d/smb stop)

For the samba server to be reachable, the firewall must be opened as well:

#iptables -I INPUT -s 127.0.0.1/8 -j ACCEPT

#iptables -I INPUT -s IP_LAN -p tcp -m tcp --dport 135:139 -j ACCEPT

For the server to be able to access other shares on the network:

#iptables -I INPUT -s IP_LAN -p udp -m udp --sport 135:139 -j ACCEPT

SSH access:

#iptables -I INPUT -s IP_LAN -p tcp -m tcp --dport 22 -j ACCEPT

Deny the rest:

#iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

And save the settings so they are loaded at boot:

#iptables-save > /etc/sysconfig/iptables
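A check over the saved ruleset, as an added example that is not part of the original page: it reports INPUT rules that ACCEPT from any source and a default-accept chain with no catch-all REJECT/DROP at the end. Both dumps are constructed; the first is what the commands above produce if IP_LAN is assumed to be 10.1.1.0/24, and the function names are hypothetical.

```shell
# check_input_chain [FILE]: audit an iptables-save dump; reads stdin when no file is given.
check_input_chain() {
    awk '
    /^:INPUT / { policy = $2 }                    # default policy of the chain
    /^-A INPUT / {
        src = 0; target = ""
        for (i = 3; i <= NF; i++) {
            # limited to a source address or an input interface (not negated)
            if (($i == "-s" || $i == "-i") && $(i - 1) != "!") src = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && !src) print "ACCEPT from any source: " $0
        # a rule with no match options that rejects or drops closes the chain
        closed = ($3 == "-j" && (target == "REJECT" || target == "DROP"))
    }
    END {
        if (policy == "ACCEPT" && !closed)
            print "INPUT ends without a catch-all REJECT/DROP"
    }' "$@"
}
# Constructed dump: the rules above in the order -I (insert first) and -A (append) leave them.
page_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 10.1.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.1.1.0/24 -p udp -m udp --sport 135:139 -j ACCEPT
-A INPUT -s 10.1.1.0/24 -p tcp -m tcp --dport 135:139 -j ACCEPT
-A INPUT -s 127.0.0.0/8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed weak variant: no source restriction and no final REJECT.
weak_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 135:139 -j ACCEPT
COMMIT
EOF
}
echo "page rules:"; page_rules | check_input_chain
echo "weak rules:"; weak_rules | check_input_chain
```

To check the file written above, run check_input_chain /etc/sysconfig/iptables.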

It should work after that. To access a network share from linux (from the X interface): smb://ip_address at open_location.

Good luck!