Smb linux ��� ����������

Smb linux ��� ����������

Машины с Linux (UNIX) могут также просматривать и монтировать SMB-ресурсы. Заметьте, что это может быть сделано когда сервером является либо машина с Windows, либо с сервером Samba!

Программа клиента SMB для UNIX-машин включена в дистрибутив Samba. Она обеспечивает ftp-подобный интерфейс командной строки. Вы можете использовать эту утилиту для переноса файлов между ‘сервером’ под управлением Windows и клиентом под Linux.

Большинство дистрибутивов Linux также включают полезный пакет smbfs, который позволяет монтировать и размонтировать SMB-ресурсы. Больше информации о smbfs можно получить дальше.

Для того, чтобы увидеть какие ресурсы доступны на данной машине, выполните команду:

где ‘host’ это имя машины, которую вы хотите видеть. Эта команда вернет список имен ‘сервисов’ — т.е. имен дисков или принтеров к которым может быть получен доступ. До тех пор, пока SMB сервер не будет настроен без управления доступом, он будет запрашивать у вас пароль. Введите в ответ на запрос пароль для пользователя ‘гость (guest)’ или ваш персональный пароль на этой машине.

Вывод этой команды должен выглядеть примерно так:

Browse list показывает другие SMB сервера в сети с доступными ресурсами.

Для использования клиента, выполните следующую команду:

где ‘service’ — имя машины и сервиса. Например, если вы пытаетесь обратиться к директории, которая доступна под именем ‘public’ на машине названной ‘zimmerman’, то имя сервиса должно звучать как \\zimmerman\public. Однако в следствии ограничений оболочки, вам необходимо спрятать обратный слэш, так что в итоге это командная строка выглядеть следующим образом:

где ‘mypasswd’ — символьная строка вашего пароля.

Вы получите приглашение smbclient:

Напечатайте ‘h’ чтобы получить помощь об использовании smbclient:

Если вы умеете использовать ftp, то вам не будут нужны справочные страницы о smbclient.

Хотя вы можете использовать smbclient для тестирования, вы скоро устанете использовать его в работе. Для работы вам скорее всего понадобится пакет smbfs. Smbfs поставляется с двумя простыми утилитами, smbmount и smbumount. Они работают подобно mount и umount для SMB-ресурсов.

Одно важное замечание: Чтобы использовать эти утилиты, у вас должна быть поддержка smbfs вкомпилированная в ядро!

Следующий пример показывает типичное использование smbmount для монтирования SMB-ресурса, названного «customers» с машины с именем «samba1»:

Запуск команды mount покажет вам, что ресурс смонтирован, точно также как и через экспорт NFS:

Пожалуйста прочитайте справочные страницы smbmount и smbumount для дополнительной информации о описанных выше операциях.

Источник

SMB3-Linux

Namespaces

Page actions

There are various requirements for full POSIX compatibility, and other requirements which although not strictly POSIX (such as support for symlinks and the fallocate system call) are common in Linux and various Unix variants and useful to applications. The goal is to implement emulation strategies and extensions to the SMB3 protocol which are as small as reasonably possible but implement the most important of these missing features, allowing the network file system to appear nearly identical to a local file system to users and the applications they run, without creating unacceptable performance or configuration problems.

Contents

Requirements

In this document POSIX CC stands for POSIX Create Context which is a chunk of data that can be optionally included in a Create request/response.

The general requirements for SMB3 POSIX extensions include the following:

POSIX mode bits

The primitive 07777 bits used to control who can access a file or directory. (RWX bits for user, group, other + sticky,setuid,setgid bits)

status

Multiple ways to implement it:

• Emulatable via ACLs. cifs.ko can try its best to map the mode bits to Windows ACLs. This is implemented via cifsacl mount option.
• Windows NFS server stores mode bits as special ACL. This is not the same as emulating them. It stores them in ACL entries with a SID that is «invalid» and in which the last sub-auth has POSIX informations. There is one entry with the UID, one with GID, and one with mode bits.
• SMB2 POSIX extensions adds a Create Context that the client can use to pass mode bits.

• mkdir setuid/setgid: In Linux, mkdir() strips setuid and setgid bits (not a bug).
• mkdir user read/execute: Samba returns access denied on mkdir of a directory which doesn’t have the read and execute for the owner, regardless of whether if the directory was successfully created. It needs u=rx to succeed. It needs to be workaround in cifs.ko (TODO: try mkdir + setinfo?)

POSIX file ownership

UID and GID owners. Windows typically only has one or the other, and expresses them as global «SIDs» with longer UUIDs rather than locally defined UIDs.

status

See POSIX mode bits status.

Symbolic links

Windows now has the concept of reparse points. Reparse points are used to implement symlinks on Windows.

status

• write symlinks as plaintext file with special header and content. Implemented in cifs.ko with mfsymlink mount opt. «mfsymlinks» approach used by Apple among others. Will be in kernel 3.18 and later. Should be backportable

to earlier kernels.

• re-use Windows server for NFS way of storing unix symlinks, i.e. reparse points (note that reparse point tag is different than regular Windows symlinks)

Case sensitivity

status

Files opened with the POSIX Create Context get POSIX semantics, including case sensitivity.

No reserved path characters

Mapping 7 reserved characters (not allowed in SMB3/CIFS/NTFS/Windows but allowed in POSIX). They include: * ? : | \

status

There are 2 ways to do this:

• Send the path unmodified with a POSIX CC
• Map the reserved characters to an unreserved but «invalid» unicode range. 2 mappings already exist:
  • Microsoft’s «SFU» (SUA) mapping
  • Apple’s «SFM» mapping.

The SFU mapping is available in CIFS (and SMB3 in 3.18) with the «mapchars» mount option but we plan to use the Apple («SFM») mapping approach by default in 3.18 kernel and later (Samba requires the «vfs_fruit» module to implement the Apple mapping of the seven reserved characters).

mkfifo and mknod

status

These are emulated using the same approach that Microsoft SFU and others did. Uses the «sfu» mount option (available in 3.18 kernel or later).

POSIX unlink and rename behavior

• unlink: deleting an open file, removing it from the namespace, occurs in POSIX but not Windows
• rename: renaming a directories that has open files, perfectly legal in POSIX but not in Windows (even recursivley)

status

Emulatable over SMB3 for most cases (using «delete on close» and using an approach like «nfs silly rename»). 3.18 kernel will better handle these but «POSIX Create Context» are still likely to be required for a few use cases.

POSIX byte range locks

POSIX «advisory» byte range locks (SMB3 allows Windows style «mandatory» byte range locks). POSIX locks are also merged when they overlap, and all locks are released on file close making them both confusing to use (locally on Linux file systems, and even more so over network file systems) and more difficult to emulate. Although many dislike the POSIX byte range lock behavior, their implementation in SMB3 would help some applications.

status

POSIX CC will enable POSIX flavor of locks on the handle.

Emulated via mandatory locks today, and can also be «local only» (with a cifs.ko mount option «nobrl»).

flock

In POSIX, flock(2) are file lock applied to an open file descriptor. They apply on the whole file but they are advisory. Applications are free to ignore them and read/write on the fd. Whereas SMB locks will prevent read/writes.

More information returned in stat() syscall

• Slight differences in «stat» system call (and the mode/ownership information noted above)
• Additional information returned on the statfs» system call:
  • f_files; /* total file nodes in file system */
  • f_ffree; /* free file nodes in fs */

status

• stat: Use POSIX information level to get additional stat fields in QUERY INFO and FIND requests.
• statfs: fields still missing

POSIX ACL support

Linux implements an ACL model for local file systems which is less complex than the more common «RichACLs» (ie NFSv4 or NTFS/SMB/SMB3 ACLs) but easier to understand.

status

Could be mapped to SMB3/NTFS RichACLs which are a superset of POSIX ACLs. Also could be handled via «POSIX Create Context».

fallocate() parameters

Many fallocate options are available, most but not all are mappable to various existing SMB3 ioctls.

status

Partially implemented already, and also a few other new Linux syscalls which are not broadly implemented: more research needed.

Code & tests

• Wireshark: git repo at https://github.com/aaptel/wireshark.git (smb3unix branch)
• Samba: git repo at git://git.samba.org/jra/samba/.git (master-smb2 branch)
• Linux kernel: latest POSIX code at git://git.samba.org/sfrench/cifs-2.6.git (for-next branch)
• Test client code in Pike (python): https://github.com/aaptel/pike.git (smb3unix branch)

Sample smb.conf for samba (see pike README):

Linux kernel mount options:

POSIX extension wire protocol status

As of 2018-12-13 from JRA’s master-smb2 branch. (commit 1db5d5d4254 «s3: smbd: smb2-posix: Return STOPPED_ON_SYMLINK when hitting reparse point partway in a path.»)

Note that all integers are in Little-Endian.

Negotiate Context

Actual length/fields not decided yet, use the context data length field.

Create Context

For client requests

New create context. If a file is open with this context, the handle gets POSIX_SEMANTICS flag set.

• Context tag: SMB2_CREATE_TAG_POSIX «\x93\xAD\x25\x50\x9C\xB4\x11\xE7\xB4\x23\x83\xDE\x96\x8B\xCD\x7C»
• Context payload size: 4 bytes

Unix perm mode to be used for the new file/dir. The bits used are as follow (note the values are in octal):

For server responses

The server can respond to CREATE request with this POSIX context too (same context tag).

• Context payload size can vary because of the SID, but the maximum should be 12 + 2*28 = 68 bytes.

A sid is encoded as follow. Size can go up to 28 bytes:

Info level

New info level requestable via GETINFO or FIND. The payload contains a POSIX Create Context response at the end.

• Level value: SMB2_FIND_POSIX_INFORMATION 0x64
• Payload length: 136.
  • 68 + POSIXCreateContextResponse (see above)

For FIND (directory listing) there is some extra data at the start (offset to the next directory entry) and the file name at the end:

Источник

Ubuntu Documentation

Client Access — Browsing SMB shares

The samba package is a meta-package intended to be installed on file and printer sharing servers. Clients do not need this meta-package (you are acting as a client if you need to access files on another computer). For example, installing samba is not necessary if you only need your Ubuntu system to do any of the following:

Access shared folders, drives and printers on a Windows computer (that is, act as a client with Windows servers). To do this, you only need the smbfs plugin. See MountWindowsSharesPermanently for more information.
Have your Windows computer use (via a network) a printer that is attached to a Linux computer. CUPS can be configured to make the printer accessible to the network.

Share directories between two Linux computers. You can use NFS or setup an SSH server on one computer and access it from other computers using an scp or sftp client, or Places -> Connect to Server. and choose «SSH» as the service type.

Ubuntu Clients

Ubuntu and Gnome make it easy to access files on a Windows network share. Open the Places Menu, then click on Network. You will see a Windows network icon. Double-click to open it. The next window shows all the domains/workgroups found on your network. Inside each domain/workgroup you will see all the computers on the domain/workgroup with sharing enabled. Double-click on a computer icon to access its shares and files.

If you want to be able to share folders with nautilus (the file browser), install the nautilus-share package (installed by default in Ubuntu 9.10 Desktop edition):

Alternate: From the menu at the top select «Location» -> «Connect to a server». In the «Service type» pull down select «Windows share». Enter the server ip address in the «Server:» box and the share name in the «Share:» box. Click «Connect» and then «Connect» again on the second dialog box

Alternate 12.04: Double clicking on ‘Windows network’ did not work for me. So I went to ‘Go’ menu in the nautilus file browser and clicked ‘Location’. I got an address bar at the top of the window. I entered «smb://192.168.2.148» (substitute the IP address of your Samba server) — I was presented with user/password window — After typing in user/passwd I was able to see the samba shares on the server and browse the files/folders.

Note: The default installation of Samba does not synchronize passwords. You may have to run «smbpasswd» for each user that needs to have access to his Ubuntu home directory from Microsoft Windows.

Windows Clients (XP,Server,Vista, Win7)

Microsoft Windows clients connect and browse through their corresponding network interface.

Example: XP clients can open Windows Network Neighborhood or My Network Places to browse available SMB shares.

Samba Client — Manual Configuration

This section covers how to manually configure and connect to a SMB file server from an Ubuntu client. smbclient is a command line tool similar to a ftp connection while smbfs allows you to mount a SMB file share. Once a SMB share is mounted it acts similar to a local hard drive (you can access the SMB share with your file browser (nautilus, konqueror, thunar, other).

Connecting to a Samba File Server from the command line

Connecting from the command line is similar to a ftp connection.

List public SMB shares with

Connect to a SMB share with

Enter you user password.

You can connect directly with

but your password will show on the screen (less secure).

Once connected you will get a prompt that looks like this :

Type «help» , without quotes, at the prompt for a list of available commands.

Connecting using CIFS

CIFS is included in the smbfs package and is a replacement for smbfs (I know, the terminology here is a little confusing).

As above, install by any method, smbfs, on Ubuntu 12.10, smbfs has been replaced by cifs-utils.

Allow non-root users to mount SMB shares

By default only root may mount SMB shares on the command line. To allow non-root users to mount SMB shares you could set the SUID, but I advise you configure sudo. You should configure sudo with visudo

You may either allow the group «users» to mount SMB shares, or add a group, samba, and add users you wish to allow to mount SMB shares to the samba group.

Change «user» to the username you wish to add to the samba group.

In the «group» section add your group you wish to allow to mount SMB shares

Change «%samba» to «%users» if you wish to allow members of the users group to mount SMB shares.

The following will mount the myshare folder on myserver to

/mnt (it will be in your home directory):

Note : «samba_user» = the user name on the samba server (may be different from your log-in name on the client).

The «noexec» option prevents executable scripts running from the SMB share.

You will be asked for BOTH your sudo and then your samba_user password.

Automagically mount SMB shares

In order to have a share mounted automatically every time you reboot, you need to do the following:

With any editor, create a file containing your Windows/Samba user account details:

KDE users must use kdesu rather than gksu and instead of Gedit they can use Kwrite as editor.

. it should contain two lines as follows:

Note : «samba_user» = the user name on the samba server (may be different from your log-in name on the client). «samba_user_password» is the password you assigned to the samba_user on the samba server.

Save the file and exit gedit.

Change the permissions on the file for security:

Now create a directory where you want to mount your share (e.g. /media/samba_share):

Now, using any editor, and add a line to /etc/fstab for your SMB share as follows:

Add a line for your SMB share:

The share will mount automatically when you boot. The «noexec» option prevents executable scripts running from the SMB share.

To mount the share now, without rebooting,

You can unmount the share with :

If you wish to increase security at the expense of convenience, use this line in /etc/fstab

The noexec» option prevents executable scripts running from the SMB share.

Edit /etc/samba/user, remove the password (leave just the samba user).

Now the share will NOT automatically mount when you boot and you will be asked for your samba password.

Mount the share with :

CIFS may cause a shutdown error.

Connecting using SMBFS (deprecated)

Note : This method still works, but as outlined under the «CIFS» section above is «deprecated» (no longer maintained and pending removal from the kernel).

Mounting a share on the local filesystem allows you to work around programs that do not yet use GnomeVFS to browse remote shares transparently. To mount a SMB share, first install smbfs:

To allow non root accounts to mount shares, change the permissions on the smbmnt program thus:

Note : This may be a security risk as after setting the SUID bit anyone can mount a SMB share. I advise you configure sudo, as above.

The working line in /etc/sudoers is as follows (see CIFS section above):

This allows any user in the samba group to mount SMB shares (you will need to create a samba group and add users).

The following will mount the myshare folder on myserver to

/mnt (it will be in your home directory):

In order to have a share mounted automatically every time you reboot, you need to do the following:

Open a shell as root

Create a file containing your Windows/Samba user account details:

. it should contain two lines as follows:

Change the permissions on the file for security:

Now create a directory where you want to mount your share (e.g. /mnt/data):

Now edit the file system table (/etc/fstab) and add a line as follows:

. where ‘bob’ is the non-root user you log into ubuntu with, ‘server’ is the name or address of the Windows machine and ‘share’ is the name of the share.

To mount the share now, just use the following command as root. It will mount automatically on subsequent reboots.

to be continued.

Ubuntu Client

On the Ubuntu client using the menu at the top, go to «Places» -> «Network». You will see an icon «Windows network» and should be able to browse to your shared folder. You will be asked for a password, leave it blank. Click the «Connect button.

(no need for a password).

If you would like to mount your SMB share using your (server) hostname rather than the IP Address, edit /etc/hosts and add your samba server (syntax IP Address hostname).

Where «hostname» = the name of your samba server.

Windows Client

On Windows open «My Computer» and navigate to «My Network Places». Navigate to your Ubuntu server and your share will be available without a password.

Alternate : From the menu at the top select «Tools» -> «Map Network Drive». Select an available letter for your SMB share (Default is z: ). In the «Folder:» box enter \\samba_server_ipaddress\share. Tic (Select with the mouse) the option «Reconnect at login» if you want the share to be automatically mounted when you boot Windows. Click the «Finish» box. A dialog box will appear, enter your samba user name and password. Click «OK».

If you would like to mount your SMB share using your (server) hostname rather than the IP Address, edit C:\WINDOWS\system32\drivers\etc\hosts and add your samba server (syntax IP Address hostname).

Where «hostname» = the name of your samba server.

Samba/SambaClientGuide (последним исправлял пользователь milamipha 2014-01-07 20:02:19)

The material on this wiki is available under a free license, see Copyright / License for details
You can contribute to this wiki, see Wiki Guide for details

Источник