Server/SAMBA

Aus Wiki StuRa HTW Dresden
Wechseln zu: Navigation, Suche

Installation[Bearbeiten]

Mit grafischer Oberfläche:

apt-get install gadmin-samba

kann aber auch über Konfigurationsdatei eingestellt werden.


Konfiguration[Bearbeiten]

$ vim /etc/samba/smb.conf
[global]
realm =
netbios name = Samba24
server string = Elektrixx Samba server
workgroup = Elektrixx
security = ads
hosts allow = 127. 192.168. 10. 172.22. 172.23.
interfaces = 127.0.0.1/8 192.168.0.0/16 10.0.0.0/8 172.22.0.0/15
bind interfaces only = yes
remote announce = 192.168.0.255
remote browse sync = 192.168.0.255
printcap name = cups
load printers = yes
cups options = raw
printing = cups
guest account = smbguest
log file = /var/log/samba/samba.log
max log size = 1000
null passwords = no
username level = 6
password level = 6
encrypt passwords = yes
unix password sync = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
os level = 80
logon drive = m:
logon home = \\%L\homes\%u
logon path = \\%L\profiles\%u
logon script = %G.bat
time server = yes
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = yes
dns proxy = no
preserve case = yes
short preserve case = yes
client use spnego = no
client signing = no
client schannel = no
server signing = no
server schannel = no
nt pipe support = yes
nt status support = yes
allow trusted domains = no
obey pam restrictions = yes
enable spoolss = yes
client plaintext auth = no
disable netbios = no
follow symlinks = no
update encrypted = yes
pam password change = no
passwd chat timeout = 120
hostname lookups = no
username map = /etc/samba/smbusers
passdb backend = tdbsam
passwd program = /usr/bin/passwd '%u'
passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd*changed*\n
add user script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null '%u'
add user to group script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null -g '%g' '%u'
add group script = /usr/sbin/groupadd '%g'
delete user script = /usr/sbin/userdel '%u'
delete user from group script = /usr/sbin/userdel '%u' '%g'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u'
machine password timeout = 120
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /dev/null
winbind use default domain = yes
winbind separator = @
winbind cache time = 360
winbind trusted domains only = yes
winbind nested groups = no
winbind nss info = no
winbind refresh tickets = no
winbind offline logon = no

[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = no
available = yes
browseable = yes
writable = no
guest ok = no
public = no
printable = no
locking = no
strict locking = no

[uploads]
path = /var/www/upload
comment = Elektrixx Upload Directory
alid users = @ftpuser
write list = @ftpuser
directory mask = 0775
create mode = 0775
force user = ftp
force group = ftpuser
read only = no
available = yes
browseable = yes
writable = yes
guest ok = yes
public = yes
printable = no
locking = no
strict locking = no

Nutzer anlegen[Bearbeiten]

Für den FTP Zugriff wird ein eigener Benutzer erstellt, ohne gültiger Login Shell und mit dem Homeverzeichnis /var/www/upload:

$ adduser ftpuser --shell /bin/false --home /var/www/upload
Adding user `ftpuser' ...
Adding new group `ftpuser' (1001) ...
Adding new user `ftpuser' (1001) with group `ftpuser' ...
Creating home directory `/var/www/upload' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
[...]

Anonymous Account[Bearbeiten]

Damit der Benutzer ftp auf den anonymen FTP-Bereich zugreifen darf, muss er der Gruppe ftpuser hinzugefügt werden:

$ adduser ftp ftpuser
Adding user `ftp' to group `ftpuser' ...
Adding user ftp to group ftpuser
Done.

Server starten[Bearbeiten]

systemctl start samba.service
Autostart
systemctl enable samba.service