Linux start samba daemon

Linux.yaroslavl.ru

Using Samba

Существует два процесса Samba, smbd и nmbd, которые необходимы для корректной работы Samba. Есть три способа их запуска:

Если вы спешите, то вы можете запустить демоны Samba вручную. Как пользователь root, просто введите следующие команды:

С этого момента, Samba будет запущена на вашей системе и готова для установки соедиений.

Чтобы запустить процессы Samba как отдельные демоны, вам необходимо добавить команды, перечисленные в предыдущей секции, в ваш стандартный скрипт запуска в Unix. Это зависит от того, имеете ли вы систему типа BSD Unix или System V Unix.

При стиле BSD Unix, вам необходимо добавить следующие строки в файл rc.local, который обычно находится в директориях /etc или /etc/rc.d :

Этот код достаточно прост; он проверяет, имеет ли файл smbd разрешение на запуск и если имеет, то он запускает каждый демон Samba при загрузке.

С System V придется поработать больше. System V обычно использует скрипты для запуска и остановки демонов в системе. Поэтому, вам придется указать Samba каким образом ему работать при запуске и остановке. Вы можете изменить содержание директории /etc/rc.local и добавить что-то похожее на данную программу под именем smb:

При помощи этого скрипта вы можете запускать службу SMB при помощи следующих команд:

Inetd – это супер демон Internet в UNIX . Он слушает порты, описанные в / etc / services и запускает соответствующую программу для данного порта, которая определена в файле / etc / inetd . conf . Смысл этого заключается в том, что вы можете иметь большое число демонов, готовых отвечать на запросы, но они не обязательно должны быть запущены. В место этого inetd слушает за остальных. Выгода заключается в том, что для создания нового процесса необходимо выполнить немного операций. Это удобно, если один или два пользователя на вашем компьютере имеют слишком много запущенных демонов. Это также полезно для проведения обновления без разрыва установленных соединений.

Если вы желаете запустить через inetd, для начала откройте /etc/services в текстовом редакторе. Ели вы до сих пор не добавили следующие линии, сделаете это:

Далее, отредактируйте /etc/inetd.conf. Взгляните на следующие две строки и добавте их, если они отсутствуют. Если вы уже имеете строки с smbd и nmbd в файле, отредактируйте их в соответствии с заново установленными smbd и nmbd. Ваша разновидность Unix-а может использовать немного другой синтакс файла; используйте существующие записи и станицы документации inetd.conf в качестве руководства:

Окончательно, убейте любые процессы smbd или nmbd и пошлите процессу inetd сигнал HUP. (Демон inetd заново прочитает свой конфигурационный файл по сигналу HUP.) Чтобы сделать это, используйте команду ps для того, чтобы найти ID процесса, после чего пошлите сигнал при помощи следующей команды:

Источник

Помогите запустить демон Samba

Вообщем узнал о Linux всего 2 месяца назад.
Пару дней назад поставил сервак xubuntu, установил на нём samba из репозитория.
Поковырял конфиг smb.conf, сопсна вот он:
[global]
workgroup = MYHOMENET
server string = %h server (Samba, Ubuntu)
; wins support = no
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
interfaces = 192.168.84.0/24 eth0
bind interfaces only = true
log file = /var/log/samba/log.%m

max log size = 1000

; syslog only = no

panic action = /usr/share/samba/panic-action %d
security = share

encrypt passwords = true

passdb backend = tdbsam

obey pam restrictions = yes

guest account = guest
invalid users = root

; unix password sync = no

passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssucc
essfully* .

; pam password change = no

; domain logons = yes
; logon path = \\%N\profiles\%U
; logon path = \\%N\%U\profile

; logon drive = H:
; logon home = \\%N\%U

; logon script = logon.cmd

; add user script = /usr/sbin/adduser —quiet —disabled-password —gecos «» %u

; load printers = yes

; printing = bsd
; printcap name = /etc/printcap

; printing = cups
; printcap name = cups

; printer admin = @lpadmin
; include = /home/samba/etc/smb.conf.%m

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

; message command = /bin/sh -c ‘/usr/bin/linpopup «%f» «%m» %s; rm %s’ &

; domain master = auto

; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
;[homes]
; comment = Home Directories
; browseable = yes
; read only = no
; guest ok = yes
; valid users = %S

; create mask = 0600

; directory mask = 0700

;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no

[myshare]
comment = My Share
path = /home/unrealoper/share
read only = no
writable = yes
browseable = yes
public = yes

;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700

;[printers]
; comment = All Printers
; browseable = no
; path = /var/spool/samba
; printable = yes
; public = no
; writable = no
; create mode = 0700

;[print$]
; comment = Printer Drivers
; path = /var/lib/samba/printers
; browseable = yes
; read only = yes
; guest ok = no
; write list = root, @ntadmin

;[cdrom]
; comment = Samba server’s CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom

Может я что-то не понял, и не так прописал/или не разкомментировал что-то.
Выполняю команду # /etc/init.d/samba start
Вроде пишет [OK] далее что бы проверить выполняю # smbclient //192.168.84.1/myshare -U
он выдаёт это:
Error connecting to 192.168.84.1 (Connection refused)
Connection to 192.168.84.1 failed

Мне не нужен расшаренный принтер, не нужно всяких наворотов, я просто хочу заливать и брать с сервака файлы по сети.
Вот мой ifconfig если поможет решить проблему:

eth0 Link encap:Ethernet HWaddr 00:80:48:46:78:B0
inet addr:192.168.84.1 Bcast:192.168.84.255 Mask:255.255.255.0
inet6 addr: fe80::280:48ff:fe46:78b0/64 Диапазон:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:673 errors:0 dropped:0 overruns:0 frame:0
TX packets:486 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:63730 (62.2 KiB) TX bytes:145343 (141.9 KiB)
Interrupt:16 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Диапазон:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:70 errors:0 dropped:0 overruns:0 frame:0
TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5304 (5.1 KiB) TX bytes:5304 (5.1 KiB)

Подскажите что я делал не так, хотелось бы выучить, знать и запомнить.

Источник

Linux start samba daemon

Есть два демона SMB /usr/sbin/smbd и /usr/sbin/nmbd. В большинстве дистрибутивов Linux, они запускаются, останавливаются и перезапускаются через стартовый скрипт, расположенный в /etc/rc.d/init.d/smb, на который созданы символьные ссылки с соответствующих уровней запуска.

Если вы не будете использовать стандартные стартовые скрипты, то Вы можете запустить демоны Samba из inetd или как автономные процессы. Samba будет отвечать чуть быстрее когда она запущена как автономный процесс, чем в случае когда она запускается из inetd.

В некоторых случаях вы должны проверить наличие в файле /etc/services примерно таких строк:

Убедитесь, что все они не закомментированы. В зависимости от вашего дистрибутива, вам может даже нужно будет добавить их в этот файл. Samba не сможет привязаться к соответствующим портам пока этих строк не будет в файле /etc/services.

Для запуска демонов из inetd, поместите следующие строки в конфигурационный файл inetd, /etc/inetd.conf:

Затем перезапустите демон inetd выполнив команду:

Для запуска демонов из системных стартовых скриптов, поместите следующий скрипт в файл /etc/rc.d/init.d/smb (для большинства дистрибутивов) и создайте на него символические ссылки с именами указанными в комментариях:

Если при старте Samba вы получаете сообщение в котором говорится, что демон не может подключится к порту 139, то вероятно у вас уже есть запущенные процессы Samba, которые не были завершены. Посмотрите список процессов (используя команду ‘ps auxww | grep mbd’) для того, чтобы определить есть ли еще запущенные сервисы Samba.

Источник

ChapterВ 4В Managing Samba in Oracle Linux

This chapter including information about managing Samba in Oracle Linux 8, including tasks for configuring Samba and accessing Samba shares on different platforms.

For information about local file system management in Oracle Linux, see Oracle В® Linux 8: Managing Local File Systems.

4.1В About Samba

Samab is an open-source implementation of the Server Message Block (SMB) protocol that enables Oracle Linux to interoperate with Microsoft Windows systems, as both a server and a client.

Samba implements the Distributed Computing Environment Remote Procedure Call (DCE RPC) protocol that is used by Microsoft Windows to provision file and print services for Windows clients. Samba also enables Oracle Linux users to access files on Windows systems and includes capability for integrating with a Windows workgroup, NT4 domain, and an Active Directory (AD) domain.

Samba uses the NetBIOS over TCP/IP protocol, which allows computer applications that depend on the NetBIOS API to work on TCP/IP networks.

4.1.1В About Samba Services

The Samba server consists of three important daemons: smbd , nmbd , and winbindd .

The smb service enables file sharing and printing services by using the SMB protocol. This service is also responsible for resource locking and for authenticating connecting users. The smb systemd service starts and stops the smbd daemon.

The nmbd service provides host name and IP resolution by using the NetBIOS over IPv4 protocol. The nmbd service also enables browsing of the SMB network to locate domains, workgroups, hosts, file shares, and printers. The nmb systemd service starts and stops the nmbd daemon.

The winbindd daemon is a Name Service Switch (NSS) daemon for resolving AD Users and Groups. The daemon enables AD Users to securely access services that are hosted on the Samba server. The winbind systemd service starts and stops the winbindd daemon.

To use the smbd and nmbd services, you need to install the samba package on your system. To use the winbindd service, install the samba-winbind package.

Note that if you are setting up Samba as a domain member, you must start the winbindd service before starting the smbd service. Otherwise, domain users and groups are not available to the local system.

4.1.2В About the Samba Configuration File

Samba uses the /etc/samba/smb.conf file to manage Samba configuration. This file consists of several sections that you can configure to support the required services for a specific Samba configuration, for example:

Contains settings for the Samba server. In the previous example, the server is assumed to be a member of an AD domain that is running in native mode. Samba relies on tickets issued by the Kerberos server to authenticate clients who want to access local services.

Specifies support for print services. The path parameter specifies the location of a spooling directory that receives print jobs from Windows clients before submitting them to the local print spooler. Samba advertises all locally configured printers on the server.

Provides a personal share for each user in the smbusers group. The settings for browsable and writable prevent other users from browsing home directories, while allowing full access to valid users.

Specifies a share named apps , which grants Windows users browsing and read-only permission to the /usr/local/apps directory.

4.2В Configuring and Using Samba

The following tasks describe how to configure and use Samba in Oracle Linux 8.

4.2.1В Testing Samba Configuration by Using the testparm Command

After configuring the /etc/samba/smb.conf file, per the information that is provided in Section 4.1.2, “About the Samba Configuration File”, you can verify your Samba configuration by using the testparm command. The testparm command detects invalid parameters and values, as well as any incorrect settings such as incorrect ID mapping. If the testparm command does not report any problems, the Samba services successfully load the configuration that is specified in the /etc/samba/smb.conf file. Note that the testparm command is not capable of testing whether configured services will be available or work as expected. You should use the testparm command every time you make a change to your Samba configuration.

The following example shows the type of output that might be displayed when you run the testparm command:

If the testparm command reports any errors or misconfiguration in the /etc/samba/smb.conf file, fix the problem, then re-run the command.

For more information, see the testparm(1) manual page.

4.2.2В Configuring a Samba Stand-Alone Server

To configure a Samba stand-alone server:

Install the samba and samba-winbind packages:

Edit the /etc/samba/smb.conf file and configure the various sections to support the services that are required for your specific configuration.

For specific instructions on configuring a Samba stand-alone server within a workgroup, see Section 4.2.3, “Configuring a Samba Stand-Alone Server Within a Workgroup”.

For specific instructions on adding a Samba server as a member of an AD domain, see Section 4.2.4, “Adding a Samba Server as a Member of an AD Domain”.

(Optional) Configure file system sharing, as needed.

Test the configuration by running the testparm command.

If the command returns any errors or reports a misconfiguration, manually fix the errors in the /etc/samba/smb.conf file and then re-run the command. See Section 4.2.1, “Testing Samba Configuration by Using the testparm Command” for more information.

Configure the system firewall to enable incoming TCP connections to ports 139 and 445 and incoming UDP datagrams to ports 137 and 138:

The nmdb daemon services NetBIOS Name Service requests on UDP port 137 and NetBIOS Datagram Service requests on UDP port 138.

The default ports are 139 (used for SMB over NetBIOS over TCP) and port 445 (used for plain SMB over TCP).

(Optional) Add similar rules for other networks from which Samba clients can connect, as required.

Start and enable the smb service so the service starts following a system reboot:

If you make changes to the /etc/samba/smb.conf file and any files that this file references, the smb service reloads the configuration automatically, after a delay of up to one minute. If necessary, you can force the smb service to reload the new configuration by sending a SIGHUP signal to the service daemon:

Making the smb service reload its configuration has no effect on any established connections. You must restart the smb service. Otherwise, any existing users of the service must disconnect and then reconnect.

For more information, see the smb.conf(5) and smbd(8) manual pages. See also http://www.samba.org/samba/docs/.

4.2.3В Configuring a Samba Stand-Alone Server Within a Workgroup

Windows systems that are on an enterprise network usually belong to either a workgroup or a domain.

Workgroups are usually only configured on networks that connect a small number of computers. A workgroup environment is a peer-to-peer network, where the systems do not rely on each other for services and there is no centralized management. User accounts, access control, and system resources are configured independently of each system. Note that such systems can share resources only if they are configured to do so.

A Samba server can act as a stand-alone server within a workgroup. To configure a stand-alone Samba server within a workgroup, follow the instructions inSection 4.2.2, “Configuring a Samba Stand-Alone Server”. For Step 2 of the procedure, configure the settings in the /etc/samba/smb.conf file as follows:

Configure the [global] section by using share-level security, as follows:

The client provides only a password to the server, and not a user name. Typically, each share is associated with a valid users parameter. The server validates the password against the hashed passwords that are stored in the /etc/passwd and /etc/shadow files, NIS, or LDAP for the listed users. Note that user-level security is preferred over share-level security, as shown in the following example:

In the user security model, a client must supply a valid user name and a password. This model supports encrypted passwords. If the server successfully validates the client’s user name and password, the client can mount multiple shares without being required to specify a password.

Use the smbpasswd command to create an entry for a user in the Samba password file, for example:

The user must already exist on the system. If permitted to log in to the server, the user can use the smbpasswd command to change his or her password.

If a Windows user has a user name that is different from the user name on the Samba server, create a mapping between these names in the /etc/samba/smbusers file, for example:

In the previous example, the first entry for each line is the user name on the Samba server. The entries that appear after the equal sign ( = ) are the equivalent to Windows user names.

Only the user security model uses Samba passwords.

The server security model, where the Samba server relies on another server to authenticate user names and passwords, is deprecated. This model has numerous security and interoperability issues.

4.2.4В Adding a Samba Server as a Member of an AD Domain

Typically, corporate networks configure domains to enable large numbers of networked systems to be administered centrally. A domain is a group of trusted computers that share security and access control. Systems that are known as domain controllers provide centralized management and security. Windows domains are usually configured to use AD, which uses the Lightweight Directory Access Protocol (LDAP) to implement versions of Kerberos and DNS by providing authentication, access control to domain resources, and name services. Some Windows domains use Windows NT4 security, which does not use Kerberos to perform authentication.

A Samba server can be a member of an AD or NT4 security domain, but it cannot operate as a domain controller. As a domain member, a Samba server must authenticate itself with a domain controller; thus, it is controlled by the security rules of the domain. The domain controller authenticates clients, while the Samba server controls access to printers and network shares.

In the Activity Directory Server (ADS) security model, Samba acts as a domain member server in an ADS realm. Clients use Kerberos tickets for AD authentication. You must first configure Kerberos and then join the server to the domain, which creates a machine account for your server on the domain controller.

To add a Samba server to an AD domain:

Edit /etc/samba/smb.conf and configure the [global] section to use ADS , for example:

You might also have to specify the password server explicitly if different servers support AD services and Kerberos authentication:

Install the krb5-workstation package:

Create a Kerberos ticket for the Administrator account in the Kerberos domain, for example:

This command creates the Kerberos ticket that is required to join the server to the AD domain.

Join the server to the AD domain:

In the previous example, the AD server is winads.mydom.com and password is the password for the Administrator account.

The command creates an machine account in Active Directory for the Samba server and enables it to join the domain.

Restart the smb service:

4.3В Accessing Samba Shares

The following tasks describe how to access Samba shares from a Windows client and an Oracle Linux client.

4.3.1В Accessing Samba Shares From a Windows Client

To access a share on a Samba server from Windows, open Computer or Windows Explorer, and enter the host name of the Samba server and the share name using the following format:

If you enter \\ server_name , Windows displays the directories and printers that the server is sharing. You can also use the same syntax to map a network drive to a share name.

4.3.2В Accessing Samba Shares From an Oracle Linux Client

To use the following commands, the samba-client and cifs-utils packages must be installed on the system.

You can use the findsmb command to query a subnet for Samba servers. The command displays the IP address, NetBIOS name, workgroup, operating system and version for each server that it finds.

Alternatively, you can use the smbtree command, which is a text-based SMB network browser that displays the hierarchy of known domains, the servers in those domains, and the shares on those servers.

The GNOME desktop provides browser-based file managers that you can use to view Windows shares on the network. Enter smb: in the location bar of a file manager to browse network shares.

To connect to a Windows share by using the command line, use the smbclient command:

After logging in, enter help at the smb:\> prompt to display a list of available commands.

To mount a Samba share, use a command similar to the following:

In the previous command, the credentials file contains settings for username , password , and domain :

The argument to domain can be the name of a domain or a workgroup.

Because the credentials file contains a plain-text password, use chmod to make it readable by only you, for example:

If the Samba server is a domain member server in an AD domain, and your current login session was authenticated by the Kerberos server in the domain, you can use your existing session credentials by specifying the sec=krb5 option instead of a credentials file:

For more information, see the findsmb(1) , mount.cifs(8) , smbclient(1) , and smbtree(1) manual pages.

Copyright В© 2020, 2021, Oracle and/or its affiliates. Legal Notices

Источник