Server process | Explanation |
---|---|
smbd | File sharing, authentication, etc. |
nmbd | Browsing function, NetBIOS name resolution, WINS server, etc. |
winbindd | Winbind function |

port number | Explanation |
---|---|
137/UDP | NetBIOS name resolution and browsing |
138/UDP | NetBIOS name resolution and domain logon |
139/TCP | File sharing |
445/TCP | File sharing |
smb.conf#
--Configures Samba as a whole.
--If you make any changes, you need to restart Samba.
--A parameter set in the global section is overridden when it also appears in a later section.

Parameters | Explanation |
---|---|
workgroup | Specify the workgroup name or domain name to which the Samba server belongs. |
server role | Specifies the operating mode of the Samba server. |
netbios name | Specify the NetBIOS name of the Samba server. |
server string | A descriptive string such as the name of the server. |
hosts allow | Specify the hosts that are allowed to connect. (Hosts not specified will be rejected.) |
guest account | The account used when a user who does not have an account accesses the server as a guest. |
map to guest | Specifies what to do when authentication as a Samba user fails. Never: do not allow guest authentication. Bad User: if a non-existent user is specified, treat it as guest authentication and log in as the user defined in guest account. Bad Password: in addition to the above, treat an incorrectly entered password as guest authentication. |
log file | Specify the log file. Using the variable "%m", which stands for the connection source host, lets you keep a separate log file for each connection source host. |
max log size | Specifies the maximum size of the log file. If the value is 0, there is no limit. |
encrypt passwords | Use encrypted passwords. This should not be set to anything other than Yes. |
smb passwd file | Specify the password file for password authentication using the smbpasswd method. |
unix password sync | Whether to synchronize the Samba password with the Linux password. |
passwd program | When unix password sync is enabled, the program to be executed when the password is changed on the Samba side. |
passwd chat | Response content when unix password sync is enabled. |
username map | Specifies a file that maps a UNIX user to another user. |
logon script | Specify the script file to be executed at logon. |
wins support | Operate as a WINS server. |
wins server | Specify the IP address of the WINS server. |

Parameters | Explanation |
---|---|
comment | Specify a comment. |
browseable | Specifies whether the share is displayed when browsing. Even when it is not displayed, you can still access it by specifying the share name directly. |
writable | Specifies whether to allow writing. |
read only | The opposite meaning of writable. |
write list | Specifies the users who are exceptionally allowed to write. To specify a group, prefix its name with @. |
path | Specify the path of the shared directory. |
force user | Forcibly set the owner and owning group of files and directories created in the share to the specified user. |
force group | Forces the owner and group of files and directories created in the share to be the specified group. |
hide dot files | Whether to apply the hidden attribute to files whose names begin with a dot. |
hide files | Specify the names of files and directories that should not be displayed. |
veto files | Specify files and directories that should be neither displayed nor accessible. |
create mask | Permissions that can be applied to files. Default: 0744 |
directory mask | Permissions that can be applied to directories. Default: 0755 |
force create mask | Permissions that are always applied to files. Default: 0000 |
force directory mask | Permissions that are always applied to directories. Default: 0000 |
valid users | Specify who can access the share. To specify a group, prefix its name with @. |
guest ok | Specifies whether to allow guest login. |
public | Specifies whether to allow guest login. |
homes##
--A section for sharing the home directories of all UNIX users at once.
--You do not need to define a home directory share for each user.

smb.conf
```ini
[homes]
comment = Home Directory
browseable = No
writable = Yes
```
printers##
Parameters | Explanation |
---|---|
print ok | Use as printer sharing. |
printable | Use as printer sharing. |
smb.conf
```ini
[printers]
comment = ALL printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = Yes
```
--You can create a share with any name.
smb.conf
```ini
[public]
comment = Public
path = /home/samba/public
public = Yes
writable = No
write list = @member
```
smb.conf
```ini
[tmp]
comment = tmp
path = /tmp
read only = no
public = Yes
```
smb.conf
```ini
[secret$]
path = /var/samba/secret
valid users = @super
```
testparm#
--Check the syntax of smb.conf for mistakes.
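
testparm checks syntax only. The following added example (not part of the original notes) reads smb.conf text and reports the guest-access settings described in the tables above, applying the rule that a share's own value overrides [global]. The function names, the sample configuration and the finding texts are constructed for illustration; it assumes a lower-case `[global]` section name and one `name = value` per line.

```python
import configparser

# Constructed sample: a [global] section plus the page's [tmp] and [secret$] shares.
SAMPLE_CONF = """\
[global]
map to guest = Bad Password

[tmp]
path = /tmp
read only = no
public = Yes

[secret$]
path = /var/samba/secret
valid users = @super
"""

YES = {"yes", "true", "1"}


def flag(share, glob, names, inverted=()):
    """Resolve a yes/no parameter: the share wins, then [global], else No."""
    for scope in (share, glob):
        for name in names:
            if name in scope:
                value = scope[name].strip().lower() in YES
                return not value if name in inverted else value
    return False


def audit(conf_text):
    """Return (section, finding) pairs for guest-access exposure in smb.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # Strip indentation so configparser does not treat lines as continuations.
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    glob = cp["global"] if cp.has_section("global") else {}
    findings = []
    if glob.get("map to guest", "Never").strip().lower() == "bad password":
        findings.append(("global", "mistyped passwords fall back to the guest account"))
    if "hosts allow" not in glob:
        findings.append(("global", "no hosts allow restriction"))
    for name in (s for s in cp.sections() if s != "global"):
        share = cp[name]
        if flag(share, glob, ("guest ok", "public")):
            writable = flag(share, glob, ("writable", "read only"), inverted=("read only",))
            verb = "write to" if writable else "read"
            findings.append((name, f"guests can {verb} {share.get('path', '?')}"))
    return findings
```

On the sample, `audit(SAMPLE_CONF)` reports the two [global] findings and the guest-writable [tmp] share, while [secret$] produces no finding because it does not allow guests.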
--Samba handles logs on its own, without going through syslog.
--The logs are split into several files under the /var/log/samba directory.

--A master browser exists for each workgroup and each domain.
--Which host becomes the master browser is decided by a priority that depends on the type of OS.
--If Samba itself is a domain controller, it is preferentially selected when the priority is 33 or higher.

Parameters | Explanation |
---|---|
local master | Take part in the election of the local master browser (not necessarily elected). |
domain master | Be elected as a domain master browser. |
preferred master | Prompt a browser election. |
os level | Priority used in the browser election. |
--Specify how the client responds to Samba.
Parameters | Explanation |
---|---|
security | The default is "USER". In this case, authenticate using the smb passwd file. You need a Samba user account and password. |
smbpasswd###
--The method used in Samba 2: user information is stored one line per user in a text-format password file (/etc/samba/smbpasswd).
--It is the default backend database in some Samba 3 releases, but it can store only some of the user attributes that Samba can handle.

smb.conf
```ini
passdb backend = smbpasswd
```
tdbsam###
--Store user information in a binary database file (/etc/samba/passdb.tdb).
--All items of user information that can be handled by Samba can be stored.

smb.conf
```ini
passdb backend = tdbsam:/etc/samba/passdb.tdb
```
ldapsam###
--Store user information in the LDAP server.
--A separate LDAP server is required, but it is suitable for handling a large number of users.

smb.conf
```ini
passdb backend = ldapsam:ldap://LDAP server name[:port number]
```
pdbedit###
option | Explanation |
---|---|
-L | List display |
-a | Add |
-x | Delete |
smbpasswd###
option | Explanation |
---|---|
-d | Disable |
-e | Enable |
-x | Delete |

command | Explanation |
---|---|
smbcontrol | Send messages to control each daemon that makes up the Samba server. |
smbstatus | Show the clients connected to the Samba server, the shares in use, and locked files. |
nmblookup | Query the NetBIOS name or search for the IP address from the NetBIOS name. |

option | Explanation |
---|---|
-L | Request list display |
-N | Do not authenticate |
-U | Specify the user to connect to |

Subcommand | Explanation |
---|---|
cd | Move |
del | Delete |
dir | List display |
exit | End |
get | Get |
mget | Get all together |
mkdir | Directory creation |
mput | Transfer all together |
lcd | Move local directory |
put | Transfer |
rmdir | Delete directory |
ACL#
smb.conf
```ini
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
```
getfacl##
--Display ACL entries.
ACL entry | Explanation |
---|---|
user | Owner ① |
group | Owning group ② |
other | Other users ③ |
user:USER | User USER ④ |
group:GROUP | Group GROUP ⑤ |
mask | Mask value; applies to ②, ④ and ⑤ |
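
How the mask limits entries ②, ④ and ⑤ while leaving ① and ③ untouched, as an added example that is not part of the original notes. The getfacl-style sample, its user and group names, and the function name `effective_acl` are constructed for illustration; default ACL entries are skipped.

```python
# Constructed getfacl-style output for illustration (names are made up).
SAMPLE_ACL = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::r-x
group:audit:rw-
mask::r--
other::---
"""


def effective_acl(getfacl_text):
    """Map each access ACL entry to the permissions that remain after the mask."""
    entries, mask = [], None
    for raw in getfacl_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as "#effective:"
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")[:3]
        bits = set(perms) - {"-"}
        if tag == "mask":
            mask = bits
        else:
            entries.append((tag, qualifier, bits))
    result = {}
    for tag, qualifier, bits in entries:
        # The mask limits the owning group and every named user or group;
        # the file owner (user::) and other:: are never masked.
        masked = tag == "group" or (tag == "user" and qualifier != "")
        if masked and mask is not None:
            bits = bits & mask
        result[f"{tag}:{qualifier}"] = "".join(c if c in bits else "-" for c in "rwx")
    return result
```

With the sample, `user:bob:rwx` is reduced to `r--` by `mask::r--`, while the owner entry `user::rw-` keeps its write bit.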
setfacl##
--Set ACL.
option | Explanation |
---|---|
-m | Add or change. |
-x | Delete. |
--remove-all | Delete all. |
Building a file server for Amazon EC2 (Amazon linux) Build Samba on Amazon Linux 2 (https://dev.classmethod.jp/articles/amazonlinux2-samba/)