Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.

Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

Differences

This shows you the differences between two versions of the page.

slackware:samba [2006/03/29 18:41] alienslackware:samba [2018/11/21 21:07] (current) – CIFS is used nowadays by smbmount alien
Line 1: Line 1:
- 
-FIXME  ** This article is being worked on **  FIXME 
---------------------------------------------------- 
- 
 ===== File- and printersharing on the local network ===== ===== File- and printersharing on the local network =====
  
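Review bot: Removing the "This article is being worked on" FIXME banner at the top looks premature, because this same revision adds a "Samba printers" section that ends in "FIXME //to be completed// FIXME". Keep a short work-in-progress notice, or scope it to that section, so readers are not told the article is finished while one procedure is still incomplete.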
Line 38: Line 34:
  
   * This should be in ''/etc/samba/smb.conf'', it defines the password backend Sabma will use (I will not discuss the alternative LDAP backend here, I hope to write another article on that all of it's own): <code>   * This should be in ''/etc/samba/smb.conf'', it defines the password backend Sabma will use (I will not discuss the alternative LDAP backend here, I hope to write another article on that all of it's own): <code>
-    passdb backend = tdbsam guest +    passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb 
-</code> //NOTE//: when you enable //tdbsam// on an already configured and running Samba server, and run ''killall -HUP smbd'' to let it re-load the configuration files, you might have to re-add the 'smbguest' user to Samba, since the default to use is the //smbpasswd// file and not the tdbsam database.\\ So, again run: <code>+</code> //NOTE//: when you enable //tdbsam// on an already configured and running Samba server, and run ''killall -HUP smbd'' to let it re-load the configuration files, you might have to re-add the 'smbguest' user to Samba. \\ In the past, the default to use was the //smbpasswd// file but since Sa,ba 3.4 the tdbsam database became the default.\\ So, again run: <code>
 smbpasswd -a smbguest -d smbpasswd -a smbguest -d
 </code> </code>
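Review bot: In the rewritten NOTE, the sentence about re-adding 'smbguest' no longer says when that is needed. With tdbsam as the default since 3.4, it only applies to a server that was still using the smbpasswd file, so state that condition explicitly. The added text also contains the typo "Sa,ba 3.4", and "Sabma" and "it's own" in the unchanged lead-in should be "Samba" and "its own". Since the new backend line names /var/lib/samba/private/passdb.tdb, which holds the password hashes, a short remark that this file must stay readable by root only would fit here.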
Line 61: Line 57:
   - In the file ''/etc/cups/mime.convs'' uncomment ''application/octet-stream  application/vnd.cups-raw 0 - '' And then restart CUPS daemon using <code>/etc/rc.d/rc.cups restart</code>   - In the file ''/etc/cups/mime.convs'' uncomment ''application/octet-stream  application/vnd.cups-raw 0 - '' And then restart CUPS daemon using <code>/etc/rc.d/rc.cups restart</code>
  
-  * It is now time to fire up our Samba server. But we will test the configuration first by running the command ''testparm''IT will show us if anything went wrong while editing the ''smb.conf'' file. If everything seems allright, we will procede with making the  Samba start script executable (so that it will still start when we boot our server) and then running the script: <code>+  * It is now time to fire up our Samba server. But we will test the configuration first by running the command ''testparm''It will show us if anything went wrong while editing the ''smb.conf'' file. If everything seems allright, we will procede with making the  Samba start script executable (so that it will still start when we boot our server) and then running the script: <code>
 chmod +x /etc/rc.d/rc.samba chmod +x /etc/rc.d/rc.samba
 /etc/rc.d/rc.samba start /etc/rc.d/rc.samba start
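Review bot: The added line corrects "IT" to "It" but leaves "allright" and "procede" in the same sentence; fix them in the same edit ("all right", "proceed"). The text tells the reader to run testparm first, yet the code block that follows starts with the chmod and start commands, so consider putting the testparm call at the top of that block.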
Line 110: Line 106:
 </code> A Windows user can use the ''<CTRL><ALT><DEL>'' sequence to change the password! </code> A Windows user can use the ''<CTRL><ALT><DEL>'' sequence to change the password!
  
 +
 +=== Samba printers ===
 +
 +If you have a configured and running CUPS server that has at least one queue setup for //RAW// printing, we can now proceed with integrating this CUPS printer queue with our Samba server, so that Windows clients can automatically download their printer drivers from the Samba server. This is of course more convenient than accessing each and every Windows PC with a printer driver CD and manually configuring the printer.
 +
 +Using the directions of the previous sections and the [[#a_sample_smb.conf|smb.conf example]] of the last section, you have everything in place already, server-side. You will now have to take a Windows XP workstation, and logon to a Samba share using an account that is known to Samba as a //printer admin//. In our setup, that means: everyone who is a member of the Linux group [[linux:admin#wheel]].
 +
 +FIXME //to be completed// FIXME
  
 === The Linux client setup === === The Linux client setup ===
  
 On a linux client computer, it is the ''smbmount'' command that lets you mount a Samba (or a Windows!) share on the local filesystem. You can run the command manually in a console like this: <code> On a linux client computer, it is the ''smbmount'' command that lets you mount a Samba (or a Windows!) share on the local filesystem. You can run the command manually in a console like this: <code>
-mount -t smbfs //192.168.0.1/public /mnt/samba/bob/public -o rw,uid=0,gid=10,fmask=664,dmask=775 -U <some_special_user>+mount -t cifs //192.168.0.1/public /mnt/samba/bob/public -o rw,uid=0,gid=10,fmask=664,dmask=775 -U <some_special_user>
 </code> which will mount the share called //public// on our server called //bob// which has the IP Address ''192.168.0.1'' in this example. The mountpoint ''/mnt/samba/bob/public'' must of course be created as a directory before. I chose ''/mnt/samba/bob/public'' arbitrarily, I like looking at the mount point's name and be able to guess what it is all about. You are of course free to take another mount point.\\ The command mounts the share as user //<some_special_user>// and it's up to you who that user account is, as long as it has the necessary access rights to the share. If the account has a password associated with it, you will be asked for it.\\ </code> which will mount the share called //public// on our server called //bob// which has the IP Address ''192.168.0.1'' in this example. The mountpoint ''/mnt/samba/bob/public'' must of course be created as a directory before. I chose ''/mnt/samba/bob/public'' arbitrarily, I like looking at the mount point's name and be able to guess what it is all about. You are of course free to take another mount point.\\ The command mounts the share as user //<some_special_user>// and it's up to you who that user account is, as long as it has the necessary access rights to the share. If the account has a password associated with it, you will be asked for it.\\
 The //-o rw,uid=0,gid=10,fmask=664,dmask=775// part means that the remote share will be mounted locally read/write, seemingly owned by user root:wheel (uid=0, gid=10) and with file- and directory masks that make the share's files and directories read/only for non-root, non-[[linux:security#wheel | wheel users]]. Having to type all this in order to mount the share is a tedious effort, so we take the easy way and add the following line to ''/etc/fstab'': <code> The //-o rw,uid=0,gid=10,fmask=664,dmask=775// part means that the remote share will be mounted locally read/write, seemingly owned by user root:wheel (uid=0, gid=10) and with file- and directory masks that make the share's files and directories read/only for non-root, non-[[linux:security#wheel | wheel users]]. Having to type all this in order to mount the share is a tedious effort, so we take the easy way and add the following line to ''/etc/fstab'': <code>
-//192.168.0.1/public /mnt/samba/bob/public  smbfs rw,uid=0,gid=10,fmask=664,dmask=775,credentials=/etc/bob.cred  0 0+//192.168.0.1/public /mnt/samba/bob/public  cifs rw,uid=0,gid=10,fmask=664,dmask=775,credentials=/etc/bob.cred  0 0
 </code> We store the username and password that we need for gaining access to the //public// share, in a file called ''/etc/bob.cred'' which we protect from prying eyes by removing read access for all but the root user: <code> </code> We store the username and password that we need for gaining access to the //public// share, in a file called ''/etc/bob.cred'' which we protect from prying eyes by removing read access for all but the root user: <code>
 chmod 600 /etc/bob.cred chmod 600 /etc/bob.cred
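Review bot: The two changed lines swap smbfs for cifs but keep the smbfs-era options. The cifs driver takes file_mode= and dir_mode= instead of fmask= and dmask=, and the user name is given as username= inside -o rather than with -U, so the command and the fstab entry will not behave as the surrounding explanation describes. Update the options (for example "-o rw,uid=0,gid=10,file_mode=0664,dir_mode=0775,username=<some_special_user>"), adjust the paragraph that explains "fmask=664,dmask=775" to match, and reword "it is the smbmount command" since the example now calls mount -t cifs. The new "Samba printers" section stops at a FIXME before any steps are given; consider holding it back until the procedure is written.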
Line 124: Line 128:
 password = <the_secret_word> password = <the_secret_word>
 </code> Having this in our client computer's ''/etc/fstab'' will cause the samba share to be automatically mounted when the computer boots. </code> Having this in our client computer's ''/etc/fstab'' will cause the samba share to be automatically mounted when the computer boots.
 +
 +<note tip>The older "''smbfs''" kernel module is outdated while the "''cifs''" kernel driver is well-maintained and supports higher versions of the SMB protocol than ''smbfs''. Samba implements the CIFS protocol (a dialect of the SMB protocol) and it supports SMB2 and parts of the SMB3 protocol extensions.</note>
 +
 +<note tip>The default CIFS protocol changed from SMB 1.0 to SMB 3.0 in kernel 4.13. If you are running an older Samba server and try to mount its shares on a recent Linux computer this changed default breaks the mounts. In order to force the mount to use SMB 1.0 you need to add "''vers=1.0''" to the mount options</note>
  
 === Mixing protected and passwordless shares === === Mixing protected and passwordless shares ===
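Review bot: The second tip offers "vers=1.0" as the fix without saying that SMB 1.0 is the deprecated dialect and lacks the encryption added in SMB 3. Present it as a last resort: first upgrade the old Samba server or try the highest version it supports (vers=2.1, vers=2.0), and fall back to vers=1.0 only on a trusted LAN. The sentence is also missing its final full stop.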
Line 394: Line 402:
  
 Actually, setting up a NFS for Slackware is even easier than Samba. Actually, setting up a NFS for Slackware is even easier than Samba.
 +
  
 === NFS Server === === NFS Server ===
  
 +You setup an NFS server by creating or editing the file ''/etc/exports''. That file has a man page (man exports) and I encourage you to read that if you want more than my simple example. But basically, this file can look like this: <code>
 +# See exports(5) for a description.
 +# This file contains a list of all directories exported to other computers.
 +# It is used by rpc.nfsd and rpc.mountd.
 +/home                192.168.0.0/24(rw,async,no_root_squash)
 +/var/www/htdocs      192.168.0.0/24(rw,all_squash,anonuid=99,anongid=99)
 +/home/ftp/pub        192.168.0.0/24(ro,sync,insecure,all_squash)
 +</code> This creates three exports, all accessible by any client with an IP address in the range ''192.168.0.0/24''. I'll discuss them in reverse order:
 +  - the ftp server's 'pub' directory aka the anonymous ftp area. This export will be available as read-only (the 'ro' parameter) with as safe as possible settings
 +  - your webserver's DocumentRoot (/var/www/htdocs) which will be available as writable, but on the server side, all writes will appear to originate from the user with the userid:groupid of ''99:99'' which is actually the "nobody" user. If you let the DocumentRoot tree be owned by this account (a configuration you often see), then the Web Server's CGI or PHP scripts can write files in these directories
 +  - the server's ''/home'' directory tree which can be mounted writable (the 'rw') using asynchronous transfers (faster but with a chance of data corruption in case of a server crash - 'sync' is safe but slower). User ID's (//uid//) and group ID's (//gid//) will be mapped 1-on-1 (even for user 'root' - the 'no_root_squash' option). This means, if the server knows a user 'alien' with a "uid:gid" pair of ''1001:100'', then alien's files in his homedirectory will appear with this uid:gid number pair on the NFS client side as well! So, if the NFS client PC also has an account 'alien' with the same "uid:gid" number pair ''1001:100'', this alien will be able to use the files on the server as they were his own.
 +<note important>You see why it is important to create users on your LAN with the same UID (and GID) on //all// computers if you ever intend to install a NFS server.</note>
  
 === NFS client === === NFS client ===
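Review bot: The /home export combines rw with no_root_squash for the whole 192.168.0.0/24 range, which means root on any machine in that range acts as root on the server's home directories, and the text mentions the option only in passing. Drop no_root_squash from the example (root squashing is the default) or add a sentence saying when it is really needed and limit that export to specific hosts. The /home/ftp/pub line uses "insecure" (accept requests from unprivileged source ports) while the description calls it "as safe as possible settings"; remove the option or explain why it is there. In the list, "as they were his own" should read "as if they were his own".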
Line 411: Line 432:
 </code> Note, that I expect you to create the mount point (''/mnt/nfs/home'' in the example, but you may pick your own of course) in advance...! </code> Note, that I expect you to create the mount point (''/mnt/nfs/home'' in the example, but you may pick your own of course) in advance...!
  
-I hear you thinking... how do I find out what the NFS server exports? This is easy: run <code>showmount -e <NFS_servername></code> to obtain a list. This is what the output will look like: <code>+I hear you thinking... how do I find out the export list of my NFS server? This is easy: run <code>showmount -e <NFS_servername></code> to obtain a list. This is what the output will look like: <code>
 # showmount -e bob # showmount -e bob
 Export list for bob: Export list for bob:
 /home                          192.168.0.0/24 /home                          192.168.0.0/24
-/var/www/html                  192.168.0.0/24 +/var/www/htdocs                192.168.0.0/24 
-</code> Note that this specific NFS server also exports the webserver's DocumentRoot. What you //don't// see how those exports are configured (access restrictions and such, apart from the allowed IP address range). +/home/ftp/pub                  192.168.0.0/24 
 +</code> Note that this specific NFS server also exports the webserver's DocumentRoot and the ftp server's 'pub' directory. What you //don't// see how those exports are configured (access restrictions and such, apart from the allowed IP address range). 
  
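Review bot: The added closing sentence "What you //don't// see how those exports are configured" is missing its verb; write "What you //don't// see is how those exports are configured". Since the server section now shows options such as no_root_squash and all_squash on these exports, point the reader to /etc/exports on the server as the place to check them.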