Samba server setting notes

Environment:
Linux OS: fedora10
Samba: sambe-3.2.4

######################################## ######################################

1. view the default samba version.

After logging on to fedora10, use
[Root @ localhost ~] # Whereis samba
Samba:/etc/samba/usr/lib/samba/usr/share/man/man7/samba.7.gz
[Root @ localhost ~] # Rpm-Qa samba
Samba-3.2.4-0.22.fc10.i386
[Root @ localhost ~] #
Samba-3.2.4 has been installed and does not need to be manually installed. This is installed by default in the system. You can use service SMB start to start the samba service;

Samba, which was previously used in centos5.3, can be deleted first, and the PATH variable in the/etc/profile file can be restored to the original state, and/etc/man. the config file is restored to its original state. Use the default SAMBA service and configuration file to set the configuration;

######################################## ######################################

2. Set the smb. conf file
ReferenceArticle
Http://doc.chinahtml.com/manual/rhl-cg-zh_cn-9/s1-samba-configuring.html
Command Line Configuration
To specify a Windows workgroup and a brief description of it, edit the following lines in the smb. conf file:
Workgroup = workgroupname
Server String = brief comment about Server
Replace workgroupname with the name of the Windows workgroup to which your machine belongs. Brief Comment about server is optional and is used as a Windows comment on the samba system.

To create a samba shared directory on your Linux system, add the following lines to the smb. conf file (after modifying the file according to your and your system needs ):

[Sharename] # display name of the shared folder
Comment = insert a comment here # Comment comment
Path =/home/share/# shared physical path
Valid users = tfox Carole # accessible users of shared files. This option is generally used when "Security = user;
Public = No # Not public
Writable = yes # writable
Printable = No # do not print
Create mask = 0765 # create file permissions by default

Here are my files (SECURITY = user ):
[Sharename]
Comment = insert a comment here (test)
Path =/home/share/
Valid users = chenxin
Public = No
Writable = Yes
Printable = No
Create mask = 0765

######################################## ######################################

3. "add smbpasswd" and "Modify file permissions in physical paths ":

Then, access through // 192.168.0.61 and find that no account can be accessed;
Then, use smbpasswd-A chenxin to enter the new password (I set an smb password that is the same as the System user's chenxin password chenxin2006 @) and restart the smb service, you can access the Samba server, but you still cannot create files in the internal Folder:

The reason is that the permission for the/home/share folder is 755, so the permission for the/home/share folder is changed to 777. The problem is solved.
At the same time, you can add or delete files in the/home/chenxin folder shared by default when using the default chenxin account for access;

######################################## #######################################

4. permission issues for anonymous access and modifications to the smb. conf file for anonymous access

Then you can find out the problem of anonymous access and random read/write:
Add the following statement to the configuration file,
[Anonymity]
Comment = Anonymity
Path =/home/Anonymity
Public = Yes
Writable = Yes
Printable = No
Create mask = 0765

In this way, you can access the/home/anonymity folder through an anonymous account. Without the account password, you have read and write permissions, the original/home/share folder needs to be verified by the user, so the share folder cannot be accessed, and a prompt will be prompted to enter the password of the Guest account;
Others: try the following:
Create a new guest account in the system, set the password to chenxin2006 @, and use smbpasswd-a guest to add the smb password. Finally, add the smb password in/etc/samba/smb. after the [sharename] Location of the conf file is changed to valid users = chenxin guest, access the sharename folder and the user authentication information popped out in windows, the user name is still a gray "guest". No matter how you enter the password, the password cannot be accessed. This may be related to the Windows system;

By default, after a system account is added, the permission for the user's home directory generated under/home is 700. Therefore, when other accounts are set to access the subfolders in this directory, please pay attention to permission issues!

######################################## ######################################

5. Description

# It is a comment file;
; For functions that users may need to enable;
SMB of Samba-3.2.4 installed by default in the system. the conf file contains many good routines that can be modified and used. At the same time, SMB. conf has many explain statements to better understand the configuration file;

Appendix my smb. conf file content:
# This is the main Samba configuration file. You shoshould read
# Smb. conf (5) manual page in order to understand the options listed
# Here. Samba has a huge number of retriable options (perhaps too
# Success !) Most of which are not shown in this example
#
# For a step to Step Guide on installing, logging ing and using Samba,
# Read the samba-howto-collection. This may be obtained from:
# Http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Define working examples of smb. conf files can be found in
# Samba-guide which is generated daily and can be downloaded from:
# Http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a; (semi-colon) or a # (hash)
# Is a comment and is ignored. In this example we will use #
# For commentry and a; for parts of the config file that you
# May wish to enable
#
# Note: Whenever you modify this file you should run the command "testparm"
# To check that you have not made any basic syntactic errors.
#
#---------------
# SELinux notes:
#
# If you want to use the useradd/groupadd family of binaries please run:
# Setsebool-P samba_domain_controller on
#
# If you want to share home directories via Samba please run:
# Setsebool-P samba_enable_home_dirs on
#
# If you create a new directory you want to share you shoshould mark it
# "Samba-share_t" so that SELinux will let you write into it.
# Make sure not to do that on System directories as they may already have
# Been marked with othe SELinux labels.
#
# Use LS-LDz/path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon-T samba_t _t/path
#
# If you need to share a system Created directory you can use one of
# Following (read-only/read-write ):
# Setsebool-P samba_export_all_ro on
# Or
# Setsebool-P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) Please
# Put them into the/var/lib/samba/scripts directory so that smbd will be
# Allowed to run them.
# Make sure you copy them and not move them so that the right SELinux Context
# Is applied, to check all is OK use restorecon-r-V/var/lib/samba/scripts
#
#--------------
#
#====================================== Global settings ==================== ======================================

[Global]

# ----------------------- Netwrok related options -------------------------
#
# Workgroup = Nt-Domain-Name or workgroup-name, eg: midearth
#
# Server String is the equivalent of the NT Description field
#
# NetBIOS name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# You want to listen on (never omit localhost)
#
# Hosts allow/hosts deny lets you restrict who can connect, and you can
# Specifiy it as a per share option as well
#
Workgroup = mygroupchenxin
Server String = chenxin Samba server version % v

; NetBIOS name = myserver

; Interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; Hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging options -----------------------------
#
# Log file let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files shocould reach

# Logs split per machine
Log File =/var/log/samba/log. % m
# Max 50kb per log file, then rotate
Max log size = 50

# ----------------------- Standalone server options ------------------------
#
# Scurity can be set to user, share (Deprecated) or server (Deprecated)
#
# Backend to store user information in. New Installations shold
# Use either tdbsam or ldapsam. smbpasswd is available for backwards
# Compatibility. tdbsam requires no further configuration.

# SECURITY = user
Security = Share
Passdb backend = tdbsam

# ----------------------- Domain members options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part
#
# Backend to store user information in. New Installations shold
# Use either tdbsam or ldapsam. smbpasswd is available for backwards
# Compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# Use the DNS to locate Domain Controllers
# The argument list may include:
# Password Server = my_pdc_name [my_bdc_name] [my_next_bdc_name]
# Or to auto-locate the domain controller/s
# Password Server = *
 
 
; Security = domain
; Passdb backend = tdbsam
; Realm = my_realm

; Password Server = <NT-server-Name>

# ----------------------- Domain Controller options ------------------------
#
# Security must be set to user for Domain Controllers
#
# Backend to store user information in. New Installations shold
# Use either tdbsam or ldapsam. smbpasswd is available for backwards
# Compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the domain master browser. This
# Allows Samba to collate browse lists between subnets. Don't use this
# If you already have a Windows NT domain controller doing this job
#
# Domain logons let Samba be a domain logon server for Windows workstations.
#
# Logon scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called netlogon
#
# Logon path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# Machine to add or delete corresponding UNIX accounts
#
; Security = user
; Passdb backend = tdbsam

; Domain Master = Yes
; Domain logons = Yes

# The login script name depends on the machine name
; Logon script = % m. bat
# The login script name depends on the Unix user used
; Logon script = % u. bat
; Logon path =\\ % L \ profiles \ % u
# Disables profiles support by specifing an empty path
; Logon Path =

; Add User script =/usr/sbin/useradd "% u"-n-g users
; Add group script =/usr/sbin/groupadd "% G"
; Add machine script =/usr/sbin/useradd-n-C "workstation (% u)"-m-D/nohome-S/bin/false "% u"
; Delete user script =/usr/sbin/userdel "% u"
; Delete user from group script =/usr/sbin/userdel "% u" "% G"
; Delete Group script =/usr/sbin/groupdel "% G"


# ----------------------- Browser control options ----------------------------
#
# Set local master to no if you don't want Samba to become a master
# Browser on your network. Otherwise the normal election rules apply
#
# OS level determines the precedence of this server in master browser
# Elections. The default value shocould be reasonable
#
# Preferred master causes Samba to force a local browser election on startup
# And gives it a slightly higher chance of winning the election
; Local Master = No
; OS level = 33
; Preferred master = Yes

# ----------------------------- Name resolution -------------------------------
# Windows Internet name serving Support Section:
# Note: Samba can be either a WINS server, or a WINS client, but not both
#
#-Wins support: tells the nmbd component of Samba to enable it's WINS Server
#
#-WINS server: tells the nmbd components of Samba to be a wins Client
#
#-Wins Proxy: tells Samba to answer name resolution queries on
# Behalf Of a non wins capable client, for this to work there must be
# At least one WINS server on the network. The default is no.
#
# DNS proxy-tells Samba whether or not to try to resolve NetBIOS names
# Via DNS nslookups.

; Wins support = Yes
; WINS Server = W. x. y. Z
; Wins proxy = Yes

; DNS proxy = Yes

# --------------------------- Printing options -----------------------------
#
# Load printers let you load automatically the list of printers rather
# Than setting them up individually
#
# Cups options let you pass the cups libs custom options, setting it to raw
# For example will let you use drivers on your Windows clients
#
# Printcap name let you specify an alternative printcap File
#
# You can choose a non default printing system using the printing option

Load printers = Yes
Cups Options = raw

; Printcap name =/etc/printcap
# Obtain list of printers automatically on systemv
; Printcap name = lpstat
; Printing = cups

# --------------------------- Filesystem options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended attributes and they are enabled (usually by the Mount Option
# User_xattr). thess options will let the admin store the DOS attributes
# In An EA and make Samba not mess with the permission bits.
#
# Note: These options can also be set just per share, setting them in global
# Makes them the default for all shares

; Map Archive = No
; Map hidden = No
; Map read only = No
; Map System = No
; Store dos attributes = Yes

#============================ Share definitions ========== ==================================

[Homes]
Comment = Home Directories
Browseable = No
Writable = Yes
; Valid users = % s
; Valid users = mydomain \ % s

[Printers]
Comment = all printers
Path =/var/spool/samba
Browseable = No
Guest OK = No
Writable = No
Printable = Yes

# Un-comment the following and create the netlogon directory for domain logons
; [Netlogon]
; Comment = network logon service
; Path =/var/lib/samba/netlogon
; Guest OK = Yes
; Writable = No
; Share modes = No


# Un-comment the following to provide a specific roving profile share
# The default is to use the user's home directory
; [Profiles]
; Path =/var/lib/samba/profiles
; Browseable = No
; Guest OK = Yes


# A publicly accessible directory, but read only, cannot t for people in
# The "staff" group
; [Public]
; Comment = Public stuff
; Path =/home/samba
; Public = Yes
; Writable = Yes
; Printable = No
; Write list = + staff

[Sharename]
Comment = insert a comment here comment Comment est comment? Path =/home/share/
Valid users = chenxin
Public = No
Writable = Yes
Printable = No
Create mask = 0765

[Anonymity]
Comment = Anonymity
Path =/home/Anonymity
Public = Yes
Writable = Yes
Printable = No
Create mask = 0765