Linux install and set up Samba server

1. Installation

Turn off iptables and SELinux before installing.

CentOS Enter the following command:

Yum Install Samba Samba-client

Ubuntu enter the following command:

Apt-get Install Sambaapt-get Install samba-client

2. Settings

Create a folder:

Mkdir/home/samba
chmod 777/home/samba

Edit/etc/samba/smb.conf File:

# This is the main Samba configuration file. You should read the# smb.conf (5) manual page on order to understand the options listed# here. Samba has a huge number of configurable options (perhaps too# many!) the most of which is not shown in this example## for a s Tep to step guide on installing, configuring and using Samba, # Read the samba-howto-collection. This could be obtained from:# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf## Many working examples of smb.co NF files can be found in the # Samba-guide which are generated daily and can be downloaded from: # HTTP://WWW.SAMBA.ORG/SA mba/docs/samba-guide.pdf## any line which starts with A; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we'll use a # # for Commentry and A;  For parts of the config file, you# may wish to enable## Note:whenever you modify this file, you should run the command "Testparm" # to check for that you had not made any basic syntactic errors. # #---------------# SELINUX NOTES:# If you want to use the Useradd/groupadd family of binaries please run:# setsebool-p samba_domain_controller on## If yo U want to share home directories via Samba * run:# setsebool-p samba_enable_home_dirs on## If You create a new Direc Tory want to share you should mark it as# "samba_share_t" so that SELinux would let you write into it.# make sure not t  o Do in system directories as they may already have# been marked with othe SELinux labels.## use Ls-ldz/path to see Which context a directory has## set labels only on directories do created!# to Set a label use the following:chcon-t s amba_share_t/path## If you need to share a system created directory you can use one of the the# following (Read-only/read-wri TE): # setsebool-p Samba_export_all_ro on# or# setsebool-p samba_export_all_rw on## If you want to run scripts (preexec/r Oot prexec/print command/...) please# put them into the/var/lib/samba/scripts directory so that SMBD would be# allowed to run them.# make sure COPY them and not MOVE them so, the right SELinux context# is applied, to check all are OK use restorecon-r-v/var/l ib/samba/scripts##--------------##======================= Global Settings ===================================== [ Global] #-----------------------Network related Options-------------------------# workgroup = Nt-domain-name or Wor Kgroup-name, eg:midearth## server string is the equivalent of the NT Description field## NetBIOS Name can being used to spec Ify a server name not tied to the hostname## Interfaces lets you configure Samba to use multiple interfaces# If you have any m Ultiple network interfaces then your can list the ones# you want to listen on (never omit localhost) # # Hosts allow/hosts De NY lets restrict who can connect, and you can# specifiy it as a per share option as well# workgroup = MyGroup SE    RVer string = Samba Server Version%v NetBIOS name = Hzhiserver map to guest = Bad user; Interfaces = Lo eth0 192.168.12.2/24 192.168.13.2/24; The hosts allow = 127. 192.168.12.192.168.13. 192.168.1 #---------------------------Logging Options-----------------------------# # Log File Let's specify where To put logs and how to split them up.## max Log size let you specify the Max size Log files should reach # logs SPL It per machine log file =/var/log/samba/log.%m # max 50KB per log file, then rotate max log size = #----- ------------------Standalone Server Options------------------------# # scurity can be set to user, share (deprecated) or S Erver (deprecated) # backend to store user information in. New installations should # Use either Tdbsam or Ldapsam. SMBPASSWD is available for backwards # compatibility.    Tdbsam requires no further configuration. Security = user Passdb backend = tdbsam#-----------------------Domain members Options------------------------# # SECU Rity must be set to domain or ads## use the realm option only with security = ads# Specifies the Active Directory realm tHe host is part of## backend to store user information in. New installations should # Use either Tdbsam or Ldapsam. SMBPASSWD is available for backwards # compatibility. Tdbsam requires no further configuration.## use password server option, with security = Server or if you can ' t# use th E DNS to locate Domain controllers# the argument list may include:# password server = my_pdc_name [My_bdc_name] [My_next    _bdc_name]# or to auto-locate the domain controller/s# password server = *;    Security = domain;    Passdb backend = Tdbsam;    realm = My_realm;  Password Server =<Nt-server-name>#-----------------------Domain Controller Options------------------------# # Security must be set to user for Domain con trollers## backend to store user information in. New installations should # Use either Tdbsam or Ldapsam. SMBPASSWD is available for backwards # compatibility. Tdbsam requires no further configuration.## domain master specifies Samba to be the domain Master Browser. this# allows Samba to collate browse lists between subnets. Don ' t use this# if you already has a Windows NT domain controller doing this job## domain logons let Samba be a domain lo Gon server for Windows workstations. # # Logon Scrpit Let Yuou specify a script to being run at login time on the client# you need to provide it in a share called netlogon## Logon path Let specify where user profiles is stored (UNC Path) # # Various scripts can be used on a domain    Controller or stand-alone# machine to add or delete corresponding Unix accounts#;    Security = user;    Passdb backend = Tdbsam; Domain mastER = yes;    Domain logons = yes # The login script name depends on the machine name;    logon script =%m.bat # The login script name depends on the UNIX user used;    logon script =%u.bat;    Logon path = \\%l\profiles\%u # disables Profiles support by specifing an empty path;    Logon path =;    Add User script =/usr/sbin/useradd "%u"-n-g users;    Add Group script =/usr/sbin/groupadd "%g";    Add Machine script =/usr/sbin/useradd-n-C "Workstation (%u)"-m-d/nohome-s/bin/false "%u";    Delete user script =/usr/sbin/userdel "%u";    Delete user from group script =/usr/sbin/userdel "%u" "%g"; Delete Group script =/usr/sbin/groupdel "%g" #-----------------------Browser Control Options------------------- ---------# # Set local master to No if you don ' t want Samba to become a master# browser on your network. Otherwise the normal election rules apply## OS level determines the precedence of this server in master browser# elections . TheDefault value should is reasonable## Preferred Master causes Samba to force a local browser election on startup# and gives    It a slightly higher chance of winning the election;    Local master = no;    OS level = 33;  Preferred master = yes #-----------------------------Name Resolution-------------------------------# Windows Internet Name serving support section:# Note:samba can be either a WINS Server, or a WINS Client, and not both##-WINS support: Tells the NMBD component of Samba to enable it's wins server##-Wins server:tells the NMBD components of samba to be a W INS client##-Wins proxy:tells Samba to answer name resolution queries on# behalf of a non wins capable Client, for th IS-to-work there must be# at least one WINS Server on the network.    The default is no.## DNS Proxy-tells Samba Whether or not to try to resolve NetBIOS names# via DNS nslookups.    ;    WINS support = yes;    WINS Server = w.x.y.z;    WINS proxy = yes; DNS proxy = yes #---------------------------Printing Options-----------------------------# # Load Printers let you load automatically the list O F printers rather# than setting them up individually## cups Options Let's pass the Cups Libs custom Options, setting it To raw# for example would let you use drivers on your Windows clients## Printcap Name Let's specify an alternative PRINTC AP file## You can choose a non default printing system using the printing option load printers = yes cups option    s = raw;    Printcap name =/etc/printcap #obtain List of printers automatically on SYSTEMV;    Printcap name = Lpstat; printing = cups#---------------------------Filesystem Options---------------------------# # The following options can B E uncommented If the filesystem supports# Extended Attributes and they is enabled (usually by the Mount option# User_xatt R). thess options would let the admin store the DOS attributes# in a EA and make samba don't mess with the permission bits.# # Note:these Options Can also BES set just per share, setting them in global# makes them the default for all shares;    Map archive = no;    Map hidden = no;    Map Read Only = no;    Map system = no; Store DOS attributes = yes#============================ Share definitions ============================== [homes] com    ment = Home Directories browseable = yes writable = yes;    Valid users =%s; Valid users = mydomain\%s [printers] comment = all printers Path =/var/spool/samba browseable = no guest o K = no writable = no printable = yes # un-comment The following and create the Netlogon directory for Domain Logo    ns    [Netlogon];    Comment = Network Logon Service;    Path =/var/lib/samba/netlogon;    Guest OK = yes;    writable = no; Share modes = no # un-comment The following to provide a specific roving profiles share# the default is to use the U    Ser ' s home directory;    [Profiles];    Path =/var/lib/samba/profiles;    browseable = no;   Guest OK = yes     # A publicly accessible directory, but read only, except for people in# the ' staff ' Group [public] comment = Pu Blic Stuff Path =/home/samba Public = yes browseable = yes writable = yes printable = no write list = + Staff

3. Running

Running under CentOS:

Service SMB StartService NMB start

Run under Ubuntu:

/etc/init.d/samba start

4. Windows7 access to Samba

Because Samba uses NTLM authentication, and Windows7 uses NTLMV2 authentication, it needs to be set up before it can be accessed.

Start-and-run->secpol.msc, an error occurs, prompting "an attempt to reference a token that does not exist." ", find secpol.msc under C:\Windows\System32, copy to desktop and run, select Local policy--security options, network security: LAN Manager authentication level, change to" Send LM and NTLMv2, if negotiated, Then use NTLMV2 session security ".

Click Start, enter "//samba server IP" in the Search dialog box, you can access the Samba server, and copy and paste the file, very convenient.

Linux install and set up Samba server