Server/SAMBA: Difference between revisions

From Wiki StuRa HTW Dresden
(Page newly created: "== Installation == With graphical interface: apt-get install gadmin-samba but can also be configured via the configuration file. <!-- template == Ko…")
 
 
(3 intermediate revisions by the same user are not shown)
Zeile 5: Zeile 5:
kann aber auch über Konfigurationsdatei eingestellt werden.
kann aber auch über Konfigurationsdatei eingestellt werden.


<!-- template
 
== Konfiguration ==
== Konfiguration ==


  $ vim /etc/proftpd/conf.d/custom.conf
  $ vim /etc/samba/smb.conf
[global]
realm =
netbios name = Samba24
server string = Elektrixx Samba server
workgroup = Elektrixx
security = ads
hosts allow = 127. 192.168. 10. 172.22. 172.23.
interfaces = 127.0.0.1/8 192.168.0.0/16 10.0.0.0/8 172.22.0.0/15
bind interfaces only = yes
remote announce = 192.168.0.255
remote browse sync = 192.168.0.255
printcap name = cups
load printers = yes
cups options = raw
printing = cups
guest account = smbguest
log file = /var/log/samba/samba.log
max log size = 1000
null passwords = no
username level = 6
password level = 6
encrypt passwords = yes
unix password sync = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
os level = 80
logon drive = m:
logon home = \\%L\homes\%u
logon path = \\%L\profiles\%u
logon script = %G.bat
time server = yes
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = yes
dns proxy = no
preserve case = yes
short preserve case = yes
client use spnego = no
client signing = no
client schannel = no
server signing = no
server schannel = no
nt pipe support = yes
nt status support = yes
allow trusted domains = no
obey pam restrictions = yes
enable spoolss = yes
client plaintext auth = no
disable netbios = no
follow symlinks = no
update encrypted = yes
pam password change = no
passwd chat timeout = 120
hostname lookups = no
username map = /etc/samba/smbusers
passdb backend = tdbsam
passwd program = /usr/bin/passwd '%u'
passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd*changed*\n
add user script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null '%u'
add user to group script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null -g '%g' '%u'
add group script = /usr/sbin/groupadd '%g'
delete user script = /usr/sbin/userdel '%u'
delete user from group script = /usr/sbin/userdel '%u' '%g'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u'
machine password timeout = 120
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /dev/null
winbind use default domain = yes
winbind separator = @
winbind cache time = 360
winbind trusted domains only = yes
winbind nested groups = no
winbind nss info = no
winbind refresh tickets = no
winbind offline logon = no
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = no
available = yes
browseable = yes
writable = no
guest ok = no
public = no
printable = no
locking = no
strict locking = no
[uploads]
path = /var/www/upload
comment = Elektrixx Upload Directory
alid users = @ftpuser
write list = @ftpuser
directory mask = 0775
create mode = 0775
force user = ftp
force group = ftpuser
read only = no
available = yes
browseable = yes
writable = yes
guest ok = yes
public = yes
printable = no
locking = no
strict locking = no
   
   
# Ftp user doesn't need a valid shell
<Global>
    RequireValidShell off
</Global>
# If desired turn off IPv6
UseIPv6 off
# Default directory is ftpusers home
DefaultRoot ~ ftpuser
# Limit login to the ftpuser group
<Limit LOGIN>
    DenyGroup !ftpuser
</Limit>
== Nutzer anlegen ==
== Nutzer anlegen ==
Für den FTP Zugriff wird ein eigener Benutzer erstellt, ohne gültiger Login Shell und mit dem Homeverzeichnis /var/www/upload:
Für den FTP Zugriff wird ein eigener Benutzer erstellt, ohne gültiger Login Shell und mit dem Homeverzeichnis /var/www/upload:
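Review bot: in [uploads], `alid users = @ftpuser` is missing its leading "v", so the section has no `valid users` line while it also sets `guest ok = yes`, `public = yes` and `writable = yes`; correct the parameter name and decide whether guest access to a writable share is intended at all. In [global], `realm =` is left empty although `security = ads` is set, and `client signing`, `server signing`, `client schannel` and `server schannel` are all `no`; fill in the realm and drop the signing and schannel overrides unless a specific legacy client needs them. `add user to group script` and `delete user from group script` call `useradd` and `userdel`, which create and delete accounts rather than change group membership.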
Zeile 38: Zeile 137:


=== Anonymous Account  ===
=== Anonymous Account  ===
Um einen anonymen Lesezugriff zu erlauben wird folgende Datei erstellt:
$ vim /etc/proftpd/conf.d/anon.conf
<Anonymous ~ftpuser>
        User    ftp
        Group  ftp
        # Users can also login with ftp
        UserAlias      anonymous      ftp
        # All files belong to ftp
        DirFakeUser on ftp
        DirFakeGroup on ftp
        RequireValidShell      off
        MaxClients      10
        <Directory *>
                <Limit WRITE>
                DenyAll
                </Limit>
        </Directory>
</Anonymous>
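Review bot: the `=== Anonymous Account  ===` heading is kept on both sides while everything under it in this hunk is proftpd configuration (`/etc/proftpd/conf.d/anon.conf`, `<Anonymous ~ftpuser>`), which does not apply to a page about Samba; describe guest access through smb.conf here (the page already sets `guest account = smbguest` and `guest ok` per share) or drop the section.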




Zeile 67: Zeile 146:
  Done.
  Done.


== Server starten ==


systemctl start samba.service


==== Schreibzugriff ====
; Autostart
Um den Anonymous Account auch Schreibzugriff zu geben muss folgendes in der Datei anon.conf geändert werden:
<Anonymous ~ftpuser>
        [...]
        <Directory *>
                <Limit WRITE>
                AllowAll
                </Limit>
        </Directory>
</Anonymous>
 
Ausserdem muss das Schreibzugriff für die Gruppe auf das Verzeichnes gesetzt werden:
chmod -R 775 upload/
 
-->
 
== Server starten ==


  systemctl start samba.service
  systemctl enable samba.service


[[Kategorie:Gaming]]
[[Kategorie:Gaming]]
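Review bot: `[[Kategorie:Gaming]]` at the end of this hunk is unchanged on both sides although the page is Server/SAMBA, which looks like a leftover from the page this one was copied from; assign a category that fits a file server page.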

Latest revision as of 8 August 2016, 12:04

== Installation ==

With a graphical front end:

apt-get install gadmin-samba

Samba can also be configured through its configuration file instead.


== Configuration ==

$ vim /etc/samba/smb.conf
[global]
realm =
netbios name = Samba24
server string = Elektrixx Samba server
workgroup = Elektrixx
security = ads
hosts allow = 127. 192.168. 10. 172.22. 172.23.
interfaces = 127.0.0.1/8 192.168.0.0/16 10.0.0.0/8 172.22.0.0/15
bind interfaces only = yes
remote announce = 192.168.0.255
remote browse sync = 192.168.0.255
printcap name = cups
load printers = yes
cups options = raw
printing = cups
guest account = smbguest
log file = /var/log/samba/samba.log
max log size = 1000
null passwords = no
username level = 6
password level = 6
encrypt passwords = yes
unix password sync = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
domain master = yes
preferred master = yes
domain logons = yes
os level = 80
logon drive = m:
logon home = \\%L\homes\%u
logon path = \\%L\profiles\%u
logon script = %G.bat
time server = yes
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = yes
dns proxy = no
preserve case = yes
short preserve case = yes
client use spnego = no
client signing = no
client schannel = no
server signing = no
server schannel = no
nt pipe support = yes
nt status support = yes
allow trusted domains = no
obey pam restrictions = yes
enable spoolss = yes
client plaintext auth = no
disable netbios = no
follow symlinks = no
update encrypted = yes
pam password change = no
passwd chat timeout = 120
hostname lookups = no
username map = /etc/samba/smbusers
passdb backend = tdbsam
passwd program = /usr/bin/passwd '%u'
passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd*changed*\n
add user script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null '%u'
# Add the existing account '%u' to group '%g'
add user to group script = /usr/sbin/adduser '%u' '%g'
add group script = /usr/sbin/groupadd '%g'
delete user script = /usr/sbin/userdel '%u'
# Remove account '%u' from group '%g' without deleting the account
delete user from group script = /usr/sbin/deluser '%u' '%g'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u'
machine password timeout = 120
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /dev/null
winbind use default domain = yes
winbind separator = @
winbind cache time = 360
winbind trusted domains only = yes
winbind nested groups = no
winbind nss info = no
winbind refresh tickets = no
winbind offline logon = no

[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = no
available = yes
browseable = yes
writable = no
guest ok = no
public = no
printable = no
locking = no
strict locking = no

[uploads]
path = /var/www/upload
comment = Elektrixx Upload Directory
valid users = @ftpuser
write list = @ftpuser
directory mask = 0775
create mode = 0775
force user = ftp
force group = ftpuser
read only = no
available = yes
browseable = yes
writable = yes
guest ok = yes
public = yes
printable = no
locking = no
strict locking = no
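
An added example, not part of the wiki page: a small Python audit that parses an smb.conf and reports the kinds of weak settings found in the configuration above (signing, schannel and SPNEGO switched off, `security = ads` with an empty `realm`, a guest-writable share without `valid users`). The rule set, the finding texts and the sample are assumptions made for this example; the sample is constructed from settings on this page, with the restriction line misspelled as `alid users` to show how a misspelled parameter name leaves the share unrestricted.

```python
# Added example, not part of the wiki page: audit an smb.conf for weak settings.
SAMPLE = """
[global]
realm =
security = ads
client use spnego = no
client signing = no
server signing = no
server schannel = no
[uploads]
alid users = @ftpuser
writable = yes
guest ok = yes
"""  # constructed from settings on this page; "alid users" is a misspelling
OFF = {"no", "false", "0", "off", "disabled"}
ON = {"yes", "true", "1", "on"}
PROTECTIONS = ("server signing", "client signing", "server schannel",
               "client schannel", "client use spnego")

def parse(text):
    """Return {section: {parameter: value}} with normalised parameter names."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return a list of (section, parameter, reason) findings."""
    conf = parse(text)
    glob = conf.get("global", {})
    found = [("global", k, "protection switched off")
             for k in PROTECTIONS if glob.get(k, "").lower() in OFF]
    if glob.get("security", "").lower() == "ads" and not glob.get("realm"):
        found.append(("global", "realm", "security = ads needs a realm"))
    for name, share in conf.items():
        val = lambda k: share.get(k, "").lower()
        guest = val("guest ok") in ON or val("public") in ON
        writable = val("writable") in ON or val("read only") in OFF
        if name != "global" and guest and writable and "valid users" not in share:
            found.append((name, "guest ok", "guest write access, no 'valid users'"))
    return found

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Samba's own `testparm -s` reports unknown parameter names when it parses the file, which makes it a useful check before starting the service.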

== Creating the user ==

A dedicated user is created for FTP access, without a valid login shell and with the home directory /var/www/upload:

$ adduser ftpuser --shell /bin/false --home /var/www/upload
Adding user `ftpuser' ...
Adding new group `ftpuser' (1001) ...
Adding new user `ftpuser' (1001) with group `ftpuser' ...
Creating home directory `/var/www/upload' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
[...]

=== Anonymous Account ===

For the user ftp to be allowed to access the anonymous FTP area, it must be added to the group ftpuser:

$ adduser ftp ftpuser
Adding user `ftp' to group `ftpuser' ...
Adding user ftp to group ftpuser
Done.

== Starting the server ==

systemctl start samba.service
; Autostart
systemctl enable samba.service