Creating a file server on ubuntu. Linux server for small groups. Installing a Linux server. Linux file server. Configuring shared directory settings

30.03.2010

File server, along with a router, can be called, without exaggeration, an essential item for any organization. Using Linux for such a server looks very attractive, at least in small organizations that do not require close integration with AD. And the money saved on the cost of Windows Server and client licenses for it will be very useful in our times of crisis.

We will consider setting up a file server using the example of our conditional network, which already has a router, which we are setting up, although no one bothers to combine these functions on one server.

Now let's move on to setting up the file server role. To implement it we need Samba, this package provides file and printer sharing to clients on Microsoft networks.

Sudo apt-get install samba

To configure, edit the file /etc/samba/smb.conf, let's start with the global section, the parameters of which apply to all services. Let's set the workgroup name:

workgroup = WORKGROUP

To access the resources of the file server without authorization on it, set the following parameter:

Security = share

If the server has several network interfaces, for example, combined with a router, then you can (and should) limit access to the file server to the internal network. Let's say we have eth0 - an external network, eth1 - an internal one, to work only with the internal interface we specify:

Interfaces = lo, eth1
bind interfaces only = true

Initially, these settings are enough, do not forget to save the changes. Let's consider the settings of service sections, let's say we need a shared resource 1CBases for hosting 1C:Enterprise databases. Let's create a new directory /data/1CBases, and set full rights to it for everyone:

Sudo mkdir /data/1CBases
sudo chmod 777 /data/1CBases

In the end smb.conf add the following section:

path = /data/1CBases
guest ok = yes
writeable = yes

With the section parameters, everything is very clear; the section name (in square brackets) determines the name of the shared resource. The first parameter specifies the path to it, the second and third allow guest access and writing, respectively. Save the configuration file and restart Samba:

Sudo /etc/init.d/samba restart

After which our server should be visible in the Windows network environment and a shared folder will be available on it 1CBases.

For remote administration Samba We recommend installing a package that provides a web interface Swat:

Sudo apt-get install swat

In order to take advantage of all the features of the package, you will need to log in as root. But by default in Ubuntu, root does not have a password, so let’s set it (and don’t forget that now you need to enter it to perform administrative tasks) and reboot:

Sudo passwd root
sudo reboot

Now in any browser you just need to type http://server_name:901 and, after authorization, get full access to the settings Samba.

Authors Swat are the developers Samba, so this solution can be regarded as “native”. Really Swat provides full access to all settings Samba and allows you to perform almost any task without manual editing smb.conf.

Deploying a file server for Windows machines on Ubuntu is quite simple. Typically, such a server is used to organize file storage within an Active Directory domain.

At the same time, you can easily create file servers on a domainless network, including for home use.

In any case, use Samba - install it using the Synaptic package manager or the following command:

sudoapt-get install samba

FileserverVcompositiondomainActive Directory

To create a file server integrated into an Active Directory domain, you first need to join your Ubuntu machine to the domain.

To create a file server, you do not need to configure PAM; you just need to add domain users and groups to the system via Winbind.

After logging into the domain, configure shared resources on your computer. Please note that Samba will map Windows file permissions to Unix permissions, but fundamental differences in the permissions mechanisms will likely prevent it from doing so. File rights are always and in any case managed by your file system on a computer running Ubuntu, and Samba can only adapt to them, but not change their behavior.

So by default, shared resources will have modest access control capabilities, including assignment different rights for the user, group and everyone else. But you can easily fix this by adding POSIX ACL support to the FS. Then you can assign different rights to different users and groups, much like in Windows.

POSIX ACL support can be found in ext3/4, and to activate it you only need to add the acl parameter to the mount options of the desired partition.

Important! The directory that needs to be shared via Samba must be on a disk mounted with the acl option. Otherwise, it will be impossible to properly apply the mechanism for delimiting access rights to files on the shares.

Another thing to keep in mind is that POSIX ACLs do not support inheritance of access rights from parent directories, while Windows does have this feature. So Samba has an additional mechanism for storing permission inheritance information using extended file system attributes. In order for Samba to correctly handle inheritance of rights, in addition to acl, add the user_xattr parameter to the file system mounting options, which is responsible for enabling support for extended attributes.

For example, it is convenient to use separate LVM disks to organize shared resources. In this case, the lines in fstab for them look like this:

/dev/mapper/data-profiles /var/data/profiles ext3defaults,noexec,acl,user_xattr 0 2

The noexec option is needed to be on the safe side: there should be 100% no Linux executable files on Windows shares.

Install the package of necessary utilities for working with acl on Ubuntu:

Sudo aptitude install acl

Now view the extended rights (i.e. ACL) on a file or directory with the following command:

Getfacl file

Install with this command:

Setfacl file

Don't forget that the POSIX ACL mechanism has nothing to do with Samba - it's just an add-on to the standard Linux permissions mechanism. So Samba can use it, but cannot change or bypass it in any way.

To use extended FS attributes, a utility package similar to acl - attr - is useful, install it with the following command:

Sudo aptitude install attr

To view extended attributes, use the command:

Getfattr file

And to install do:

Setfattr file

Remember that Samba stores all inheritance information in binary form in a single extended attribute, user.SAMBA_PAI. So changing something using setfattr will not work, only complete removal of extended attributes is possible (in some cases this becomes necessary).

It is possible to control the inheritance of rights from a Windows machine using the standard tools of this system, or the smbcacls utility.

Extended file system attributes allow Samba to enable full support for DOS file attributes (for example, hidden, archive, etc.).

If your system has a directory that needs to be shared via Samba (and it is located on a disk mounted with acl and user_xattr support), configure its sharing - enter the necessary information in the /etc/samba/smb.conf file.

First of all, take care of the general settings for adding to the section of this file:

# Disable printer sharing. Unless, of course, you really want to share them. # To completely disable you need to specify all 4 lines below load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes # Make it hidden when viewed from Windows files with the following names hide files = /$RECYCLE.BIN/desktop.ini/lost+found/Thumbs.db/ # Use the next UNIX user as Guest for the public share guest account = nobody # Treat unregistered users as guest map to guest = Bad User ## Settings that use extended file system attributes # Handle inheritance of rights using extended FS attributes map acl inherit = yes # Use extended FS attributes to store DOS attributes store dos attributes = yes # Disable DOS attribute mapping on UNIX rights, enabled by default # According to man smb.conf, when using extended attributes, these options must be disabled map archive = no map system = no map hidden = no map readonly = no

Then configure the shared resource itself. In the example it is indicated as profiles, and physically on an Ubuntu machine it is located at /var/data/profiles:

# Comment comment = User Profiles # Path to the folder we are sharing path = /var/data/profiles/ # Users with unlimited access rights to the share # I have a Domain Administrators group. # These users are treated as local root when working with files admin users = "@DOMAIN\ Domain Administrators " # Hide folders that the user does not have access to hide unreadable = yes # Access is not read only read only = no # Masks for created files - can be set as desired#create mask = 0600 #directory mask = 0700 # Disabling locks - it's better to disable locking = no

There are a number of other options - all detailed information is in the Samba documentation.

Be sure to set the correct owner and access rights to the shared folder, otherwise writing to it may be prohibited at the Linux permission level. You can do this:

Sudo chmod ug + rwx /var/data/profiles sudo chown root :"domain users" / var/data/profiles

Attention! Since your Ubuntu machine is joined to a domain, you can use domain users and groups as file owners directly in Ubuntu.

Check that Samba is configured correctly with the following command:

Sudo /etc/init. d/samba restart

Now you can access the shared resource from any machine in the domain. But don’t forget about the SGID and Sticky bits for directories, designed to inherit the owning group and prevent users from deleting files that are not theirs - this is especially true for multi-user storages. At the same time, unlike editing rights from Windows, it is impossible to change these bits on folders on a shared resource - only manually directly on the Ubuntu computer.

Samba allows you to store previous versions of files, which can be useful when creating shares of user data.

Standalone file server

Not everyone has an Active Directory domain. Therefore, there is often a need to organize Linux machine independent file storage with own system authorization. It is not difficult.

In this case, all information about users will be stored in the Samba database, and users will have to be added and deleted manually.

The main thing is to decide on the method of access to the resource used. You should correctly set the value of the security parameter in the section of the /etc/samba/smb.conf file.

The default value is share or user.

And do not forget to change the value of the workgroup parameter to the appropriate one, and all other settings will directly depend on specific goals.

At home it is convenient when everyone can see everyone. To do this, simply add 4 lines to the section of the /etc/samba/smb.conf file (some may already be present):

[ global ] workgroup = WORKGROUP map to guest = Bad User netbios name = NOTEBOOK security = user

NOTEBOOK - the name of the computer that will be on the network. Also install additional programs:

Then add the following lines to the end of the /etc/samba/smb.conf file, and replace “yuraku1504” with the username of the Samba computer:

[MyShareWork] comment = Anonymous Samba Share path=/home/yuraku1504/share guest ok= yes browsable = yes writable = yes read only = no force user = yuraku1504 force group = yuraku1504

The folder will be opened for reading and writing.

first of all, the article is for myself and for the same fools of novice system administrators or those who sympathize with them. so to speak, step-by-step instructions.
a server on Linux can be made from almost any old computer. The server version of Linux is not fancy, but works excellently. at your disposal may be: a file server (file storage), a printer server (centralized management of a printer or printers), a mail server (mailer), a game server (your own game server, necessarily with blackjack and whores), you can simply How to use a gateway to the Internet. There are many possibilities (I haven’t listed them all here).

today I'm interested in file server And web server(for the game support site). This post will be about them.

1. installing a linux distribution. creating users.
The already favorite Ubuntu was taken as a basis. specifically in this case, fresh was used Ubuntu 9.10 server i386.
You can download the isoshnik for free from the official Canonical website.

after loading the working console, I installed Midnight Commander. This is a pseudo-graphical shell, similar to Norton Commander (at one time it was installed on the gooless MS DOS). very convenient to use.
$ sudo apt-get install mc
$mc

I plan to have several games on the server. accordingly, I will create several accounts with minimal rights.

2. configure samba and raise the file server.
First, let's configure the server's network card. select a free IP address (I had 192.168.1.4 free).
We configure the grid by editing the file: /etc/network/interfaces:
$ sudo nano -w etc/network/interfaces
interfaces file contents:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.4
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

[note that "address" is written with two"d" and two"s". I had some mistakes here. most likely due to carelessness]

then:
# echo server.home.net > /etc/hostname

And further:
$hostname
$ hostname -f
these two commands should display the name server.home.net.

now, actually, samba. If you didn’t select Samba file server at the very beginning (during installation of the distribution), then it’s okay. We can now install all the necessary packages:
$ sudo apt-get install samba smbclient smbfs ntp ntpdate

we installed the programs: Samba, SMBlient and SMBFS, which are the basis for our file server.
I installed the latest packages - NTP and NTPDate - so that the server could synchronize its system clock over the Internet.

Let's execute a command that will make our disk accessible to all network users (we will give them full rights to this disk).:
$ sudo mkdir /media/multimedia
$ sudo chmod 777 /media/multimedia

Now let's configure Samba.
this is necessary so that our file server is visible on the home network.
By default, in Windows, all network computers are included in a workgroup called MSHOME.
Let's check that samba has the same workgroup name in the configuration file:
$ sudo nano -w /etc/samba/smb.conf

find and edit the line:
workgroup = MSHOME

[You can, of course, assign your own values to the workgroup parameter. just remember that the name of the workgroup in Windows and Linux must be the same.]

so that the disk is visible, as well as read and written for all network users, add to the end of the config:
comment = Public Folder
path = media/multimedia
public = yes
writable = yes
create mask = 0777
directory mask = 0777
force user = nobody
force group = nogroup

[note that "nogroup" is written seamlessly. In many descriptions the settings are written separately. It didn’t work for me when writing separately]

save the changes to the file and reload the Samba package:
$ sudo /etc/init.d/samba force-reload

3. install apache and launch the web server.
you don't need much for a web server. everything is quite simple here. you need to install apache (what is Apache) and have HTML skills.
$ sudo apt-get install apache2

After installing Apache, you can start creating a website. By default, the address of your site will be the same as the IP address of your server in the local area (for example, http://192.168.1.4). this is no good. you need a human address (domain name, read about domains). There are two options here.
1. buy. normal second-level domain (such as http://myserver.com).
2. take a free one, but of the third level (like http://game.myserver.com).

paid costs about 600 rubles for half a year. free - not worth a damn.

I used a free third-level domain for my server at http://dynDNS.com. There you need to register, select a domain name (provided that it is free), indicate your real ip (). on your Internet gateway (or router), configure port forwarding on port 80 from HTTP to your internal server IP.

As a result (if everything is configured correctly), when accessing the address you registered, the user ends up on the main web page of the site on your server.

how to set up your website.
all site settings are in /var/www. by default in this directory there is one modest index.html with an inscription It works!, which hints to us about normal operation.
This file can/should be edited to suit you, to create your own website.

restart the server with the command:
$ sudo shutdown -r now

In this article we will tell you how to install and configure file storage on the operating system. Linux system, or rather, server Ubuntu 16.04 LTS will be used. Most deb-based distributions are configured in a similar way.

Such a server can be used for network installation of a 1C:Enterprise file database - this is much more reliable than storing it on one of the users’ work computers. Or such a server can be adapted for network backup storage.

Just do not use the same server to install the infobase and store its backup copies.

Why Linux? Firstly, it is free and completely legal. Secondly, Linux consumes much less hardware resources, and even old, scrapped equipment will do an excellent job of file storage. Thirdly, a well-configured Linux practically does not require the intervention of a system administrator; it is operated according to the “set it and forget it” principle.

So, let's begin…

Equipment selection

As I already wrote, almost any equipment will suit us, but we still have some wishes. Since the server will be a file server, our wishes will concern the disk system. It would be nice to find a machine with a RAID controller on board. If we are making a server to host a working file database, it would be a good idea to place it on RAID-5; if the storage is for backups, RAID-1 would be an excellent option.

At the same time, we have no special requirements for random access memory, 1 GB is enough. There are also no special requirements for the processor; Linux will run on anything that is still alive.

Perhaps the best option is to purchase a refurbished, used server. Take the cheapest one you can find, the main thing is that it has undergone maintenance beforehand, it has been cleaned of dust and all system tests have been run.

For lack of a better one, you can use any old computer, but remember that you do this at your own peril and risk. The most vulnerable point of a file server is the disk subsystem. If you have it consisting of one single old disk, you are taking a very big risk.

If you cannot find a RAID controller, you can configure software RAID using the operating system. Please note that this will increase the requirements for the processor and RAM, but you will not be afraid of controller failure.

Operating system installation

First, let's define the server architecture. If you know the brand of processor installed in the server, by reading its specifications you will find out whether it is compatible with x86-64 (64 bit) or only i386 (32 bit) architecture. An indirect sign is the size of the RAM, 32-bit architecture cannot work with RAM of more than 3 GB, sometimes 4 GB of memory was installed in this architecture, but only 3 GB was visible in the system.

Contact the Father of Bots, first send him the command /start, then /newbot. Next, answer the questions of the Father of Bots, as a result you will receive from him a token and a link to your bot.

Open the configuration file

$ nano backtracker.conf

and set up

Token = # Here you need to specify the telegram bot token received from the Father of Bots failonly = # False if you want to receive messages about the presence of new files or True if only about their absence path = # Specify the path to the scanned folders hours = # Specify the “freshness” of the files in hours, for example 8

Run the utility

$./backtracker.ry

The first launch is needed to automatically determine the ID of the Telegram subscriber who will receive messages (this is not his phone number). Connect to your bot using the link that the Father of Bots gave you and send it the /start command. In response, you will receive a message that your ID has been determined, and the utility will configure itself and close. Run it again to perform the scan.

After setting up and checking the operation of the utility, add it to the cron daemon schedule

$ crontab -e

Add a line

0 8 * * * ~/backtracker/backtracker.py

The scan will run every day at 8 am. If something goes wrong at night, you will know about it.

System Resources

You can monitor server resources using the console utility top or its more colorful version htop. Let's install and launch it

$ sudo apt install htop $ htop

Monitor RAM usage periodically. If you often experience loads around 100%, set up a swap file.

$ sudo dd if=/dev/zero of=/swapfile bs=1M count=1024 $ sudo chmod 600 /swapfile && sudo mkswap /swapfile $ sudo swapoff -a $ sudo swapon /swapfile $ echo "/swapfile swap swap defaults 0 0 "| sudo tee -a /etc/fstab

Here count=1024 is the size of the paging file in megabytes.

Disk space

To monitor the file system, it is convenient to use the Midnight Commander file manager. If you have seen the times of MS DOS and Notron Commander, then there is no need to explain anything.

Install and launch

$ sudo apt install mc $ mc

It’s so convenient to monitor file storage, quarantine, and free disk space.

Chapter 11: Setting Up a Read-Only File Server

11.1. Creating a shared directory

Let's start working with the Samba server by setting up a simple file server with read-only access. Every client (even anonymous clients using guest access) will be able to read the contents of shared files.

The first step is to create a directory and place several test files in it.

# mkdir -p /srv/samba/readonly # cd /srv/samba/readonly/ # echo "It's cold today." >winter.txt # echo "It's hot today." >summer.txt # ls -l total 8 -rw-r—r— 1 root root 17 Jan 21 05:49 summer.txt -rw-r—r— 1 root root 18 Jan 21 05:49 winter.txt #

11.2. Configuring shared directory settings

11.2.1. Section of global parameters of the smb.conf configuration file

In this example, the Samba server is in a workgroup named WORKGROUP (which is a standard workgroup). We also specify a server description string that can be seen by users exploring the network using the net view command, Windows Explorer, or the smbclient utility.

# head -5 smb.conf workgroup = WORKGROUP server string = Public Anonymous File Server netbios name = TEACHER0 security = share

You may have noticed a line in the above section of the server configuration file. This line sets standard mode restrictions on access to our Samba server. Setting the access mode allows clients (which can be the smbclient utility, any version of Windows OS, another Samba server) to provide a password to access each of the shared resources. This is one of the options for using the SMB/CIFS protocol. Another use of this protocol (called user mode) allows the client to provide a username and password combination before the server obtains information about the share the client wishes to access.

11.2.2. Section of shared resource settings of the smb.conf configuration file

Our shared resource will be named pubread, and the path to the previously created directory will be used as the path (specified using the path parameter). Each user will be able to access this directory (through the use of the parameter value) read-only (according to the parameter value).

Path = /srv/samba/readonly comment = files to read read only = yes guest ok = yes

Below is a very similar configuration used by the Samba server included with the Ubuntu 11.10 distribution.

root@ubu1110:~# cat /etc/samba/smb.conf workgroup = LINUXTR netbios name = UBU1110 security = share path = /srv/samba/readonly read only = yes guest ok = yes

In fact, the name of the Linux distribution you use is not critical. Below is a similar configuration used by the Samba server included in the Debian 6 distribution, which is essentially identical to the one above.

root@debian6:~# cat /etc/samba/smb.conf workgroup = LINUXTR netbios name = DEBIAN6 security = share path = /srv/samba/readonly read only = yes guest ok = yes

11.3. Restarting the server

After testing the configuration file using the utility, you should restart the Samba server (so that you do not have to wait for information about the shared resource to begin distributing between computers on the network).

# service smb restart Shutting down SMB services: [ OK ] Shutting down NMB services: [ OK ] Starting SMB services: [ OK ] Starting NMB services: [ OK ]

11.4. Checking the presence of a shared resource

11.4.1. Checking using the smbclient utility

Now you can check the availability of a shared resource using the utility. Our share is the fourth share in the list.

# smbclient -NL 127.0.0.1 Domain= OS= Server= Sharename Type Comment ——— —- ——- IPC$ IPC IPC Service (Public Anonymous File Server) global$ Disk pub0 Disk pubread Disk files to read Domain= OS= Server= Server Comment ——— — —- TEACHER0 Samba 3.0.33-3.7.el5 W2003EE Workgroup Master ——— ——- WORKGROUP W2003EE

11.4.2. Check using Windows OS

The last step in checking for the presence of a shared resource is to read the file from the Samba shared directory using a computer running Microsoft Windows. First of all, we must use the command to mount the pubread shared directory as a disk drive, denoted by the letter K:.

C:\> net use K:\\teacher0\pubread The command completed successfully.

After this, we must check the ability to view the contents of the shared directory and read files from this directory.

C:\> dir k: Volume in drive K is pubread Volume Serial Number is 0C82-11F2 Directory of K:\ 01/21/2009 05:49

. 21/01/2009 05:49 .. 01/21/2009 05:49 17 summer.txt 01/21/2009 05:49 18 winter.txt 2 File(s) 35 bytes 2 Dir(s) 13.496.242.176 bytes free

In order to simply make sure that it is safe to use a Samba server to organize file sharing, let's try to write data to a file from a directory shared with it.

K:\> echo very cold > winter.txt Access is denied. K:\>

Or, you can use Windows Explorer.

11.5. Note about using netcat utility

The above Windows shell output was obtained in the Linux console using a utility to interact with the Windows command shell.

This utility works quite simply: it waits for a connection to a specific port of a computer running Windows OS, and executes the command shell binary file cmd.exe after receiving the connection. The netcat utility is similar to the cat utility in the sense that, like the cat utility, it does nothing other than transfer data, but the netcat utility is designed to transfer data over a network.

To create the conditions necessary to establish the described connection, you should run the following command on a computer running Windows OS (after downloading the Windows version of the netcat utility).

nc -l -p 23 -t -e cmd.exe

After this, you can establish a connection to this machine using the netcat utility from any computer running Linux control. This will display the cmd.exe shell greeting in your Linux shell.

Setting up a corporate file server on Debian Linux

C:\> net use k: /delete net use k: /delete k: was deleted successfully.

11.6. Practice: Setting up a file server with read-only access

11.7. The correct procedure for completing a practical task: setting up a file server with read-only access

1. Create a directory to allow each client on the network to have read-only access to its files in a suitable file system directory (following the standard FHS file system hierarchy).

Select one of the following options:

The directory must not be used!

The directory should not be used either!

The directory is also not suitable!

2. Make sure that you have set the correct owner ID for the created directory and that the files in it are public.

chown root:root /srv/samba/readonly chmod 755 /srv/samba/readonly

3. Place the text file in the created directory.

echo Hello World > hello.txt

4. Provide all clients with access to the created directory over the network using the Samba server.

Your Samba server configuration file smb.conf.readonly might look like this:

Workgroup = WORKGROUP server string = Read Only File Server netbios name = STUDENTx security = share path = /srv/samba/readonly comment = read only file share read only = yes guest ok = yes

Test its correctness using the testparm utility before use!

5. Check from your computer and a separate computer (using the smbclient, net use, commands) the readability of files from the shared directory.

If using Linux:

If using Windows Explorer: Go to the My Network Neighborhood directory.

If you are using the Windows command shell

6. Create a backup copy of your smb.conf server configuration file named smb.conf.ReadOnlyFileServer.

cp smb.conf smb.conf.ReadOnlyFileServer

If you liked the article, share it with your friends:

Samba- a program that allows you to access network drives on various operating systems via SMB/CIFS protocol. It has client and server parts. It is free software, released under the GPL license.

Samba runs on most Unix-like systems such as GNU/Linux, POSIX-compliant Solaris and Mac X Server, various BSD variants, /2, Windows. Samba included in almost all GNU/Linux distributions, including, of course, Ubuntu.

To make a shared folder in Ubuntu Desktop, just right-click on the folder and select the “Publish Folder” menu item. There is no need to edit any configuration files. Everything described below applies only to manual configuration, for example, in the case of creating a file server.

To install, just open a terminal and enter:

sudo apt-get install samba

The application will be automatically downloaded and installed.

Using the terminal, we will make a backup copy of the initial configuration file:

sudo cp /etc/samba/smb.conf(,.bak)

Now you can edit the settings file /etc/samba/smb.conf; to do this, open it in any text editor with superuser rights. For example, like this:

sudo nano /etc/samba/smb.conf

— what is written below is generally speaking just one specific scenario for using Samba, and in a huge number of cases everything is configured absolutely wrong. The article needs to be corrected, focusing on the capabilities of Samba, and not just on the use of this program as a file storage with local authorization. It is better to include the example with file storage in a separate detailed article.

An example of setting up Samba as a standalone file server with authorization:

; Global server settings; General server settings ; Computer name that will be displayed in the network environment netbios name = main-server server string = ; Client workgroup workgroup = WORKGROUP announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user null passwords = true ; File for user name aliases username map = /etc/samba/smbusers name resolve order = hosts wins bcast ; wins support is set to yes if your nmbd(8) in Samba is a WINS server. Do not set this parameter to yes unless you have multiple subnets and do not want your nmbd to act as a WINS server. Never set this parameter to yes on more than one machine within the same subnet. wins support = no ; Printer support printing = CUPS printcap name = CUPS ; Logs log file = /var/log/samba/log.%m syslog = 0 syslog only = no ; Configuring binding to which interfaces to listen on, if listens on all interfaces are not specified; interfaces = lo, eth0 ; bind interfaces only = true ; ; ; path = /var/lib/samba/printers ; browseable = yes ; guest ok = yes ; read only = yes ; write list = root ; create mask = 0664 ; directory mask = 0775 ; ; ; path = /tmp ; printable = yes ; guest ok = yes ; browseable = no ; ; ;path = /media/cdrom ;browseable = yes ;read only = yes ;guest ok = yes ; Shara hard drive; The name of the balls is visible from clients; Path to the shared disk path = /media/sda1 ; Is it possible to browse browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755 ; Linking to a specific user name or group, names separated by a space; force user = user1 user2 ; force group = group1 group2 ; Another hard drive, similar to the one above path = /media/sde1 browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755

Now we need to deal with the users.

Samba uses users that are already in the system, let’s take the name user as an example, let’s say that it is already in the system, we need to add it to the SMB database and assign a password to access shared resources, we’ll do this with the command:

smbpasswd -a user

You will be prompted to enter a password, the user will be added to the database, now you need to enable this user.

smbpasswd -e user

Next, let's create an alias for the user name user to make it easier for us to access from a Windows machine on which we have, for example, a user named Admin. To do this, we'll create and edit the file /etc/samba/smbusers:

sudo touch /etc/samba/smbusers sudo gedit /etc/samba/smbusers

Write a couple of lines into the file

# Unix_name = SMB_name1 SMB_name2 user = Admin

This completes the setup, restart Samba.

For Ubuntu 10.04 version use the command:

sudo service smbd restart

For earlier versions use:

sudo /etc/init.d/samba restart

Now you can use shared resources.

Setting up a Samba server on Ubuntu

Customization apps

There are also applications that allow you to configure Samba through a graphical interface (see GUI applications for working with Samba).

You can install the simplest one for Samba with the command:

sudo apt-get install system-config-samba

It is launched with the command:

sudo system-config-samba

It writes all changes to the samba configuration file.

For remote administration of Samba, webmin is perfect as a web interface for Samba.

File server for Windows network

Very often Samba is used to create a file server on a Windows network. A separate article is devoted to a description of this use case:

Articles about Samba

Links

Opening Windows to a Wider World. (slogan on www.samba.org)

Samba - implementation of network protocols Server Message Block (SMB) And Common Internet File System (CIFS). The main purpose is to share files and printers between Linux and Windows systems.

Samba consists of several daemons that run in the background and provide services and a number of command line tools for interacting with Windows services:

smbd- a daemon that is an SMB server for file services and print services;
nmbd- a daemon that provides NetBIOS naming services;
smblient— the utility provides command line access to SMB resources. It also allows you to get lists of shared resources on remote servers and view your network environment;
smb.conf— a configuration file containing settings for all Samba tools;

List of ports used by Samba

An introductory article about the basic principles of sharing files and printers.

Server installation and configuration

# under Arch Linux, server yaourt -S samba # under Arch Linux, client yaourt -S smbclient # under Ubuntu, server sudo apt-get install samba samba-common system-config-samba

Copy the settings file smb.conf

sudo cp /etc/samba/smb.conf.default /etc/samba/smb.conf

By default they are created resources for user home directories (section homes V smb.conf) and printers (section printers).

Access to the resource can be password-based or anonymous. For the first method there are a couple of points:

the user must exist in the system (created using the command and set a password);
the user must be added as a Samba user (using the command);

View users

sudo pdbedit -L -v

It is necessary that the computers belong to the same workgroup, in Windows this is the default WORKGROUP, so we will use it.

Below is an example of a simple file smb.conf with settings for anonymous access to the directory /srv/samba/public.

sudo mkdir -p /srv/samba/public sudo chmod -R 0777 /srv/samba/public

Parameter names are not case sensitive. There are synonyms for some common parameters, and antonyms for others. For example, writable And writeable are synonyms, and read only– an antonym for them, i.e. option read only = yes is equivalent to option writable = no.

Workgroup = WORKGROUP server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = user map to guest = Bad User dns proxy = no # follow symlinks unix extensions = no wide links = yes follow symlinks = yes # utf encoding dos charset = cp866 unix charset = UTF8 # disable printers load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes # hosts allow = 127. 192.168.24 . # by default, all files starting with a dot will have the “hidden” attribute hide dot files = yes comment = public folder path = /home/proft/public read only = no locking = no browsable = yes # allow guest access guest ok = yes force user = nobody force group = nobody # guest only = yes # create mode = 0777 # directory mode = 0777 # allow access only user1, user2 # valid users = user1, user2

Let's check the correctness of the settings using the command

The option specifies to also display default values.

Let's start the Samba server

# under Arch Linux sudo systemctl start smbd # under Ubuntu, server sudo service start smbd

Let's check the connection to Samba per port 139 by using

telnet 192.168.24.100 139

Samba has a number of options related to user authentication. The most important of them is the parameter security, which can take five different values