Common commands of Samba Server

The Samba server must install three packages: samba, samba-common, and samba-client:

Samba ----- all files of the Samba server program samba-common ----- provides public files that must be used by both the Samba server and the client samba-client ----- provides all files of the samba client samba-SWAT ----- the Web interface provides the Samba server management function.

To configure the Samba server, follow these steps:

1. Create a samba User: smbpasswd-a user # create a samba user; (related operation: smbpasswd-x user # delete a samba user and enable a samba user in-E );

2. Configure the etc/samba/smb. conf file;

. Smb. conf file Function
The smbd and nmbd daemon read the configuration file SMB at startup (usually during system boot. conf, the configuration file shows the two daemon processes what to share, who to share the output, and how to output.
Because security issues are the most important, you must specify which computers can access this sharing. The smb. conf file can flexibly specify which users can access each service. As the Linux network grows, this control becomes more and more important.

3). smb. conf file structure
The smb. conf file consists of three parts:
Global Parameters
Directory shares (directory sharing) Section-including standard [home] Section
Printer shares
The global parameter is used to set the rules of the entire system. The [home] and [Printer] parts are specific routines of the service, services) this term is the samba term for directories shared or output by network clients and printers. These services define which users can access these directories and printers and how to access these directories and printers.
　　
Listing 1-1 provides a simple example of the smb. conf file.

List 1-1 A simple example of the smb. conf file
[Global]
NetBIOS name = Frodo
Workgroup = UAB-TUCC
Server String = John Blairs Linux box
Security = user
Printing = LPRng
Log File =/var/log/samba
Lock directory =/var/lock/samba
[Homes]
Comment = home directory
Browseable = No
Read Only = No
[Printers]
Browseable = No
Guest OK = Yes
Printable = Yes

Set the host name in the [Global] section, the name of the Working group where the host is located, and the description of the Local Machine displayed during browsing. Security parameters tell Samba to use the "user-level" security protection method. SMB has two security modes: shared level, resource and password control; user level, all resources of a user can be used. The subtle differences between the two methods cannot be explained in detail here, but in most cases, you will want to use user-level security control.
The [Global] section also defines the log file directory and the location of the locked file. Log files are useful in fault resolution and system improvement. Locking a file can prevent multiple users from modifying the same file at the same time.
The setting in the [homes] section controls the sharing permissions of each home directory. The string specified by the comment parameter appears next to the specified resource when you browse the local resource. The browseable parameter controls whether a service can appear in the network resource browsing table. Here are some unintuitive things. browseable = no means that this directory will be displayed as the user name to be verified during browsing. For example, specify browseable = No. When I browse this Samba server, I will see a shared directory named cuckoo. When browseable = yes is specified, I will see a shared directory named homes and cuckoo. Setting read only = No will allow users who pass the verification to write data to the main directory. However, if the Unix permission of their home directory does not allow writing, they do not have the write permission. Regardless of the UNIX permission, after Read Only = yes is set, their main directory is read-only.
The printing command describes the type of the local printing system. This allows Samba to know how to submit a printing task, display a printing queue, delete a printing task, and perform other operations. If the print system is unknown to Samba, you must specify the command each time you execute the print operation.
The [printing] section in the ticket allows any user who can log on to the Samba server to use each printer that appears in printcap. Under normal circumstances, if user-level security control is used, guest OK = Yes cannot authorize every user (using the system ). Each print service must be defined as printable = yes.
In the following configuration section, a shared directory named "public" is added and the anonymous FTP directory is directly read-only. You must create a printer driver on the client. For Windows 95 and Windows NT clients, you can use the printer name and printer driver commands to automatically create a print driver.

[Public]
Comment = public FTP directory
Path =/home/FTP/pub
Browseable = Yes
Read Only = Yes

This section does not explain some subtle topics, such as the differences between user-level and shared-level security, or other authorization and authentication topics. It only shows us the tip of Samba. On the other hand, this is a good example, from which we can understand how easy it is to generate a simple but workable smb. conf file.
Next, we will give another example to illustrate how to share a Linux printer with a Windows machine through Samba.
To share a Linux printer with a Windows machine, make sure that the printer on the Linux machine is set. If printing can be performed on Linux, it is easy to set up Samba printer sharing. You only need to modify the printing part of the smb. conf file according to your own situation. Note that the printer path must be consistent with the spool directory in/etc/printcap, then you can configure a network printer on Win95/NT (this article does not introduce how to configure a network printer on Win95/NT ).

4). List of standard smb. conf files
The example directory in the Samba package contains a default configuration file smb. conf. defaults. We can modify it and copy it to the lib directory under your installation directory and change it to smb. conf. Listing 1-2 is the standard configuration file provided by the samba system. To facilitate reading, this article translates comments in the document and adds explanations as appropriate.

List 1-2 standard smb. conf file
# This is the main configuration file of the server. Read the user manual for smb. conf (5) to learn about the following:
# List every option. Samba has many options, most of which do not appear here
# Example.
#
# Each line starting with a semicolon ";" or well number "#" is annotated and ignored during execution. In this example
# We use "#" for annotation and ";" for annotation of optional configurations.
#
# Note: Whenever you modify this configuration file, you must run the "testparm" command to check whether your
# Are there any basic syntax errors in the modifications.
#
#============================= Global settings for global variables =====
[Global]
# Workgroup is used to specify the NT domain name or group name of your machine on the network. The format is
# Workgroup = Nt-Domain-Name or workgroup-name. The default group name is mygroup.

Workgroup = mygroup

# Server String is used to set the NT Description field. The default value is Samba server.
Server String = Samba Server

# The following options are important for security. It allows you to set which domains of machines can access your samba
# Server. In the following example, two class C subnet and "lookup" connection requests are allowed.
# Connection requests from machines in other network segments. For relevant examples, see the user manual of smb. conf.
; Hosts allow = 192.168.1. 192.168.2. 127.

# Allow automatic loading of the printer list, without the need to set each printer separately.
Load printers = Yes

# You may want to overwrite the original printcap file.
; Printcap name =/etc/printcap

# For the systemv system, if you set the printcap name to lpstat
# Automatically obtain the print list in spool.
; Printcap name = lpstat

# Unless your printer is not of the standard model, you do not need to specify the printer system type below.
# Currently, the supported printer systems include BSD, sysv, PLP, LPRng, Aix, HPUX, and QNX.
; Printing = BSD

# If you want to create a customer account, remove the Semicolon ";" in front of the following statement ";". At the same time, you must
# Add the definition of this account to/etc/passwd. Otherwise, the user "nobody" will be used as the customer account.
; Guest account = pcguest

# This option defines a separate log file for each machine connected to the server.
Log File =/usr/local/samba/var/log. % m

# This option sets the maximum log file size (in KB)
Max log size = 50

# Define the security mode. Several users use a user-level security model. For details, see security_level.txt.
Security = user

# The following options are defined only when the security mode is set to server-level (SECURITY = server.

; Password Server = <NT-server-Name>

# If you want to use the encryption command, see encryption.txt、win95.txt and winnt.txt.
# File, please read the above file and use the following options.
; Encrypt passwords = Yes

# This option allows you to use different configurations for each machine. % M will be replaced with the server
# The NetBIOS name of the requesting machine.
; Include =/usr/local/samba/lib/smb. conf. % m

# Several people will find that this forum will improve the efficiency of the server. Please refer to speed.txt and the user
# Manual for more details.
Socket Options = tcp_nodelay

# Configure Samba to use multiple network interfaces. If you have multiple network interfaces, follow the steps below:
# The format is listed here. See the user manual for more details.

; Interfaces = 192.168.12.2/24 192.168.13.2/24

# Browser control options
# If you do not want to make your samba server a master browser server in the LAN, set this option to no
; Local Master = No

# OS level determines the server's access priority in the LAN.
; OS level = 33

# Domain Master defines the Samba server as the main domain browser. This option allows Samba
# Compare and browse in the Network List. If you already have a Windows NT domain controller, do not use this option.
; Domain Master = Yes

# Preferred master enables Samba to select a local browser at startup and give it a Higher Selection
# Opportunities
; Preferred master = Yes

# This option is used only when one of your network's NT servers configured as the primary domain controller during installation.
; Domain Controller = <NT-Domain-controller-smbname>

# Use this option if you want to make Samba a logon server for Windows 95 workstation.
; Domain logons = Yes

# If you allow the domain to log on to the service, you may want the login script of each machine or user to run one
# Specific logon batch files for each workstation .,

; Logon script = % m. bat
# Run a specific logon batch file for each user name.
; Logon script = % u. bat

# Place the roving profiles file (for Win95 and WinNT only). % L indicates the server
# NetBIOS name. % u is the user name. You must cancel the comment before [profiles] defined later.
; Logon path =\\ % L \ profiles \ % u

# Windows Internet Name Service Support record section
# Wins support tells the nmbd daemon to support the WINS server.
; Wins support = Yes

# The wins serve option tells the nmbd daemon to act as the WINS client.
# Note: Samba can be used as either a WINS server or a WINS client, but not both
.
; WINS Server = W. x. y. Z

# Wins prox indicates that a non-wins customer notifies Samba to respond to the name resolution request. To make this option
# Ensure that at least one WINS server is in the network during normal operation. The default value is no.
; Wins proxy = Yes

# The DNS proxy option determines whether Samba uses DNS nslookups to resolve the NetBIOS of the host.
# Name. For versions earlier than 1.9.17, the built-in value is yes, and for Versions later than 1.9.18, the built-in value is no.
DNS proxy = No

#========================== Define the shared service share definitions ========================== ===
# Home directory of all users

[Homes]
Comment = Home Directories
# The homes service is not listed when a client program is out of the shared service of the server as a guest user.
# However, the Home Directory Service created by the local user still uses the browseable set in [Global.
Browseable = No
Writable = Yes

# If you want to create a netlogon directory, cancel the following comments.
; [Netlogon]
; Comment = network logon service
; Path =/usr/local/samba/lib/netlogon
; Guest OK = Yes
; Writable = No
; Share modes = No

# If you want to provide a specific shared roving profile, cancel the comment below.
# The default value is the user's home directory.
; [Profiles]
; Path =/usr/local/samba/profiles
; Browseable = No
; Guest OK = Yes

# Note: If you have a BSD-style printing system, you do not need to define each printer separately.
[Printers]
Comment = all printers
Path =/usr/spool/samba
Browseable = No
# Setting public = yes will allow users logging on to the printer with a guest account.
Guest OK = No
Writable = No
Printable = Yes

# This option defines the temporary directory for shared files by network users.
; [TMP]
; Comment = temporary file space
; Path =/tmp
; Read only = No
; Public = Yes

# A user shared directory, except for some write permissions of users in the "staff" group
# Other users are read-only.
; [Public]
; Comment = Public stuff
; Path =/home/samba
; Public = Yes
; Writable = Yes
; Printable = No
; Write list = @ staff

# Other examples:
#
# A private printer that only Fred can use is defined below. Put the spool data in Fred's home
# Directory. Note: Fred must have the write permission on the spool directory, regardless of its location.
; [Fredsprn]
; Comment = Freds printer
; Valid users = Fred
; Path =/homes/Fred
; Printer = freds_printer
; Public = No
; Writable = No
; Printable = Yes

# The following defines a private directory that only user Fred can use. Fred must have
# Write permission.
; [Fredsdir]
; Comment = Freds Service
; Path =/usr/somewhere/private
; Valid users = Fred
; Public = No
; Writable = Yes
; Printable = No

# The following defines services with different directories for machines connected to each domain server. This will allow you
# Use different configurations for different machines. You can also use the % u option for each user
# Same configuration. % M will be replaced with the host name of the client during connection.
; [Pchome]
; Comment = pc Directories
; Path =/usr/PC/% m
; Public = No
; Writable = Yes

# The following defines a shared directory that all users can read and write. Note that
# All files belong to the default user. Therefore, any user who can access this directory can delete other
# Files stored in this directory. Obviously, this directory must be writable for default users.
# Of course, you can also specify a user. In this case, all files in this directory will be owned by this user.
; [Public]
; Path =/usr/somewhere/else/Public
; Public = Yes
; Only guest = Yes
; Writable = Yes

; Printable = No

# The following example shows how to define how to share a directory with two users.
# All of them. In this example, both users have the write permission on the directory. Of course File
# Protection should be set properly. Obviously, this example can be expanded to suit multiple users.
; [Myshare]
; Comment = Marys and Freds stuff
; Path =/usr/somewhere/shared
; Valid users = Mary Fred
; Public = No
; Writable = Yes
; Printable = No
; Create mask = 0765

2. Shared access restrictions
1). Host address
Use the following parameters to restrict access through the host address:

Allow hosts
Hosts allow

Deny hosts
Hosts deny

"Allow hosts" and "hosts allow" specify the list of hosts allowed to access a service. The list is separated by ", spaces, or tabs. For example, if it is used for [Global] segments, it is applied to all services, and the settings of each service are ignored.
The host list consists of the Host Name, IP address, subnet address, or network number/mask. Can also enable? Quot; restrict t "keyword to restrict access to individual hosts in the subnet. For example:

Hosts allow = 202.204. 3 bytes t 202.204.3.30

Access from hosts on the 202.204.3 subnet is allowed, but access from hosts on the 202.204.3.30 subnet is prohibited.
"Deny hosts" and "hosts deny" specify the list of hosts that are not allowed to access a service, which is opposite to "allow hosts. When it conflicts with the "allow hosts" list, the "allow hosts" list takes precedence.

2). Use the User Password
Use the following parameters to restrict access through user passwords:

Security

The security parameter can determine the authentication method for the customer's username/password. The default value is "user", which means that any access to the Samba server must be verified by the username/password. If the user logs on to the client, if the user name used by Windows is the same as the Unix user name on the Samba server, the user can access the client after password verification. For example, the password used by Windows is the same as that used by UNIX, you can access the service without any prompt.
However, if the login username on the client is inconsistent with the Unix username on the Samba server, you need to write the ing between the client username and the Unix username in a ing file (such as/etc/smbusers, use the "username map" parameter to specify the ing file. For example:

Username map =/ECT/smbusers

The content in the/etc/smbusers file is as follows:

Cuckoo = "cuckoo Doo"

In this way, after "cuckoo Doo" is registered on the client and connected to the Samba server, enter the Unix client cuckoo password, because samba has mapped "cuckoo Doo" To Cuckoo.
The other value of the security parameter is "share", indicating that the Samba server does not need the client to log on using the username/password, but determines whether to use the account name/password for Verification Based on the sharing settings. Setting security to share is generally used when the majority of user names on the client are different from those on the Samba server, and the Samba server mainly provides guest access.
In the smb. conf file, if "encrypt passwords" is not set, Samba uses the Unix Password Database to verify the user password. This requires the client to pass the password in the form of a "common file. If "encrypt passwords" is set, Samba uses another encrypted password file, which is set through "SMB passwd file", for example:

Encrypt passwords = Yes
SMB passwd file =/etc/smbpasswd

3). Use the user name
Public
Guest OK

The two parameters have the same functions. You can use the corresponding service to allow the Guest user, that is, user name/password verification is not required. If "Guest only" is specified, the corresponding server can only be accessed by the guest user.

Invalid users
Valid users

These two parameters respectively set the list of users that are not allowed to register a service or that are allowed to register a service. When a user appears in both lists, registration priority is not allowed. The user names in the list can be separated by spaces. names starting with "@" are considered to be NIS or Unix group names. names starting with "+" are considered to be Unix group names; the name starting with "&" is considered only the name of the NIS Group.
Only user

This parameter controls whether to allow only users specified in the "user =" list to access a service. If this parameter is set to true, only users in the "user =" list can access the service.

4). Whether the read/write operations can be performed
Read Only

If this parameter is set to "yes", users using the service cannot create or modify files in the directory of the service.

Writable
Writeable
Write OK

The three parameters have the same functions. If they are set to "no", users using the service cannot create or modify files in the service directory.

Read list
Write list

The two parameters respectively specify the list of hosts that only allow read-only access to a service or that have "write" permission at the same time. Here, if a host is in both lists, write takes precedence.

5). Check whether the browser list is displayed.
Browsable
Browseable

The two parameters with the same functions control whether the segment is listed in the browsing list. The View list lists available shares. Generally, browsing is disabled in the [home] segment to improve security.

3. Windows 9x is used as the setting for SMB customers.
1). Configure Microsoft Network customers
On the client (Win9x), add a Microsoft Network customer to the control panel. Select Microsoft Network Customer -- id -- computer name -- my_computer_name -- my_group. my_computer_name indicates the NetBIOS name of the client, and my_group indicates the group name.

2). Edit the registry record
If the SMB. "encrypt passwords" is not used in the conf file, that is, passwords in the "plain text" format must be edited in the Registry to allow passwords in the "plain text" format.
In the following entries of the Windows registry:

/HKEY_LOCAL_MACHINE/system/CurrentControlSet/services/VxD/vnetsup

Create a New DWORD Value and name it enableplaintextpassword. Double-click enableplaintextpassword to set the key value to 1.

3). Restart
Restart the computer and log on with the user name/password. This user name/password will be used for user identity authentication when connecting to the SMB server, so if you want to access the user's home directory on the SMB server, we recommend that you use the same username/password as the SMB server.

4). Access the Samba server
Access the Samba server through network neighbor browsing. You can select from the list or use the command in the Command window:
\ Sambaserver

4. Other commands provided by the Samba server
Smbstatus
The smbstatus command is used to display the connection status of the current SMB server. For example, when John accesses the "public" service of the SMB server on the "cuckoo" client whose IP address is 202.204.3.16, the command output is as follows:

/Usr/bin/smbstatus

Samba version 2.0.3
Service uid gid pid Machine
----------------------------------------------
Public john 10009 cuckoo (202.204.3.16) Fri Jul 21

No locked files

Share mode memory usage (bytes ):
1048464 (99%) Free + 56 (0%) used + 56 (0%) overhead = 1048576 (100%) Total

The following table lists the main switches and their meanings:

Table 1-2 main options of the smbstatus command

Nmblookup
The nmblookup command is used to map a NetBIOS name to an IP address. For the above example, you can use the following command to find the host cuckoo:

/Usr/bin/nmblookup sale

You can use the appropriate options to allow nmblookup to query an IP broadcast domain or a separate machine. For common options of this command, see table 1-3.

Table 1-3 List of main options of the nmblookup command

Smbclient
Smbclient is a client program that accesses SMB server resources. The interface provided by this program is similar to that provided by the FTP program. Access Operations include downloading files from the SMB server to a local machine or uploading files locally to the SMB server, you can also retrieve directory information on the SMB server.
The command syntax is as follows:

/Usr/bin/smbclient // smbserver/service [passwd] [-u username]

Smbserver is the NetBIOS Name of the SMB server. It is generally the same as the server host name, but is not required. "Service" is a service provided by a server, such as the file service public or print service printer.
Passwd is the password required to access certain services. If you enter the password in the command line, the system will not prompt you to enter the password later. Otherwise, the system prompts you to enter the password. Some servers do not need a password, but there is still a prompt to enter the password. If you do not want a password prompt, you can use the "-n" option on the command line.
If you want to use other ports for TCP connection to the SMB server, you can use the "-P" option to specify the default value: 139.
"-U" specifies the username used to connect to the SMB server. If not specified, smbclient uses the value specified by the Environment Variable user as the user name. If no user environment variable exists, use "guest ".
In the environment variable user, you can set "user = username % password" so that you do not need to enter a password on the command line. At the same time, using the ps command does not see the number of command line parameters, which has certain security. Similarly, you can use "-u username % password" to specify the user name and password .? Quot;-U "specified password" % password "takes precedence over the password specified in the command line [Password.
　　
The "-l" option can list the services provided on a server, for example:

/Usr/bin/smbclient-l smbserver

Use the following command to enter the prompt status similar to FTP:

/Usr/bin/smbclient // smbserver/service

Execution result:
SMB: \>

"\" Indicates the current working directory of the server. At this prompt, you can use "? "," Help "command to list. The command is case-insensitive.
In addition to many FTP-like commands, the recurse command can be set to on, this allows you to get or put matched subdirectories when using the mget or mput command. Recurse is off by default, that is, only files in the current directory of get or put are allowed.

At this prompt, you can also use the following command:

SMB: \> tar C localfile filename

Copy the files and directories on the server named "FILENAME" (wildcards can be used) to the local "localfile" file through tar. Or:

SMB: \> tar x localfile filename

You can copy the filename of the local tar file localfile to the server. If filename is omitted, all files are copied.
The preceding command can also be executed on the smbclient command line, for example:

/Usr/bin/smbclient // smbserver/service [passwd]-T c local file filename
/Usr/bin/smbclient // smbserver/service [passwd]-t x local file filename

Smbprint
Smbprint is a script program that submits a print file to the SMB server in a remote location in Linux. The command called in the program is smbclient. The following is an example of how to use this command.
For example, the remote SMB server NetBIOS is named prtserver (Windows 9x) and provides the Print Service. The service name is netpcl (NEC laser printer) and no password is required.
In Linux, the configuration is as follows:
1. Edit the/etc/printcap file and add the following line

SMB: Lo =/dev/null: SD =/usr/spool/SMB: Sh: If =/usr/bin/smbprint: AF =/var/spool/lpd/SMB/Acct

2. Create directory/usr/spool/smb,/var/spool/lpd/SMB
3. Use the following command to create an accounting file
Touch/var/spool/lpd/SMB/Acct
4. Create the/var/spool/lpd/SMB/. config file, which contains the following content:

Server = prtserver
Service = necpcl
Password = ""

5. edit the/usr/bin/smbprint file to make "Echo translate" valid in the smbclient command parameter. This will enable UNIX files to be printed on Windows 9X, converts <LF> and <CR/LF>.
6. Start LPD:

/Etc/rc. d/init. d/lpd start

7. Run the LPR command to print the/etc/hosts file.

/Lpr-p smb/etc/hosts

LPR uses the default printer name LP. SMB is used here.

5. Use Samba to encrypt passwords
User identity authentication performed by the client when accessing the Samba server includes a password in the "common text" format, which is transmitted over the network to the SMB server, and the Unix account database (such as/etc/passwd) check; or use the encrypted password to verify through "SMB challenge/response. This article focuses on the usage of encryption passwords.
The password encryption algorithm compatible with Windows NT is used on the Samba server, so you can verify the user password of Samba customers like Windows NT.
Windows NT uses a file containing the hashed value of the user's password, which is obtained through an encryption algorithm for the user's "plain text" password, called the "hashed password ". The original "plain text" password cannot be returned from the hashed value. The same hashed password can be formed on the Samba server and stored in the smbpasswd file.
When a samba client (such as Windows 9x or NT) uses Samba resources, it first requests a connection and discusses the protocol used for the connection. Samba generates a random value when answering a customer request and sends it to the customer. It is also stored on the Samba server, called "challenge ". "Challenge" is different for each customer connection.
The customer then uses the hashed password and "challenge" for encryption, generates a 24-Byte "response", and sends it to the Samba server.
The Samba server uses the user password (saved in the smbpasswd file) that saves the hashed value to perform the same encryption operation as the previously generated "challenge, compare the generated results with the results sent by the customer. If the results are the same, the customer is allowed to access the results. Otherwise, the user is prohibited to access the results.
The Samba server does not store passwords in the "plain text" format, but stores hashed passwords converted from the "plain text" password. In addition, "plain text" and "hashed password" are not transmitted during network connection, which is safer than UNIX. When a client program is connected to a Unix server (such as telnet), the password is often transmitted over the network using "plain text" and can be intercepted by network listening software (such as tcpdump. The Samba encrypted password file smbpasswd will be exploited to become a potential vulnerability. Therefore, the file must be owned by the root user. The read and write permissions should be 600.
In Windows 9x or NT, the default user authentication method is encrypted password? Quot; plain text "is not transmitted over the network. Correspondingly, Samba must also use the encrypted password authentication method. However, if you want to use a password in the "plain text" format, you can edit the Windows NT Registry to allow. In this way, the Samba server can use the/etc/psswd file to verify the user password without the smbpasswd file.
To enable Samba to use password encryption algorithms compatible with Windows NT, you must save the password file containing the hashed value corresponding to the user name on the Samba server. You can use the/usr/bin/mksmbpasswd. Sh program to generate an encrypted password file. The file name is set by the "SMB passwd file" parameter. Here it is/etc/smbpasswd. The command line format is:

CAT/etc/passwd | mksmbpasswd. Sh>/etc/smbpasswd

Then, the root user can use the smbpasswd command to set the user password. For example, set the smb password of the customer cuckoo to smbpassword:

/Usr/bin/smbpsswd cuckoo smbpassword

Root can also use smbpsswd to add users and cancel passwords. However, the added user must exist in the/etc/psswd file. The smbpsswd command can only change your smb password like the passwd program.

Iii. Samba troubleshooting

The Troubleshooting of Samba can be completed through commands on the SMB server and the SMB client.
1. Actions on the SMB server
1) run the following command to check whether the configuration is incorrect.

/Usr/bin/testparm/etc/smb. conf

2). Run the ping command on the server and the client to check whether the TCP/IP works properly.
3). Used on the SMB server

/Usr/bin/smbclient-l smbserver

Command to get a shared list.
If the error message appears, check the settings of parameters related to the server, such as "hosts allow", "hosts deny", "Valid users", and "invlid users. If "connection refused" is displayed, check whether the Samba server process is started. If Samba runs as a daemon, run the "netstat-a" command to check whether the port is in the listening status.
4) if the command "/usr/bin/nmblookup smbserver" is run, the IP address of the SMB server is returned. Otherwise, nmbd does not run correctly.
5) run the "/usr/bin/nmblookup-D 2 *" command. The host running NETBIOS/TCPIP In the subnet will respond. Otherwise, it indicates that nmblookup cannot obtain the broadcast address correctly. You can use the interfaces parameter in the smb. conf file to manually set the IP address, broadcast address, and subnet mask.
6 ). run the "/usr/bin/smbclient \ smbserver \ homes" command. Enter the user password of the customer on the SMB server, and a prompt similar to "SMB>" appears. In this case, you can use the Dir command to browse the files in the account directory of the customer's SMB server, and use the help command to get help from other commands. If a prompt similar to "SMB>" cannot appear and there is an "invalid network name" error message, it is possible that the homes sharing is not properly set; or "bad password ", check the settings of "shadow password", "password encryption", and "Valid users" and "path.

2. Operations on SMB clients
1) run the "net view \ smbserver" command to list shares on the SMB server.
If an error similar to "network name not found" occurs, check the DNS or wins settings on the client. If an error "invalid network name" or "bad Password error" occurs, follow the troubleshooting methods described in the preceding "smbclient-L" command. Note that the client will connect to the SMB server with the username/password used when the client is registered. Therefore, it is best to have the same username/password on the SMB server.
2 ). run the "net use X; \ smbserver \ homes" command to map the customer home directory on the SMB server to the client "X:" disk, "X: "It should be an unused disk number on the client. In this way, the shared directory can be viewed as an "X:" disk on the client. The normal information is "command complete successfully ".
If you want to stop using the "X:" disk, you can use the "net use X:/Delete" command. If the customer's home directory cannot be mapped to an "X:" disk, check the configuration of parameters such as "hosts allow" on the SMB server. If the user name on the client cannot match the user name on the server, try to use the "username map" option.
3) If "encrypted passwords" is not used on the SMB server, do you want to allow? Quot; common text "format password.

Summary

Samba is an implementation method of SMB. It is mainly used to implement file and print services in Linux. Linux users can use the Samba server through configuration to share resources with Windows users.
The daemon smbd and nmbd are the core of Samba and run in full time. The nmbd program allows a computer to browse Linux servers. The smbd daemon processes SMB software packages when they arrive online and coordinates the resources used or shared with Linux.
After installing samba, you also need to customize its configuration file smb. conf to make Samba work properly to meet the requirements. SMB. CONF file syntax structure and Windows *. the INI file is very similar. The file structure consists of three parts: Global parameters, directory sharing, and print sharing. This article focuses on how to configure various options to complete specific functions.
Different parameters can be used to implement different access control over Samba: restrict access by host address, restrict access by user password, restrict access by user name, verify read and write permissions, and control access by displaying in the browser list. All these methods greatly enhance the security of the Samba server.

Note that the user in step 1 must be a user already registered in the system

 

These are simple Samba server settings. You must have a deep understanding of the powerful Samba server!

Common commands of Samba Server