User Tools

Site Tools


informatica:linux:samba

This is an old revision of the document!


samba

samba smb nmbd

Servidor de archivos e impresoras para clientes windows

Instalación

aptitude update && aptitude-install samba

Contestar las opciones marcadas a:

  • Grupo de trabajo
  • Algo relacionado con servidor DHCP

Creación de usuarios

1. Creamos un usuario, que creo que tiene que existir en el sistema:

sudo smbpasswd -a mi_usuario

2. Introducir 2 veces la contraseña

Compartir directorio

En este ejemplo vamos a hacer accesible el directorio '/ruta/directorio/compartido' de la máquina donde está instalado samba a través del usuario de sistema 'mi_usuario' a cualquier cliente windows conectado a esa red.

1. Renombrar el archivo de configuración por defecto de samba:

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original

2. Crear uno limpio:

sudo vim /etc/samba/smb.conf

Con el siguiente contenido:

#======================= Global Settings =======================

[global]

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string = %h server

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
   passdb backend = tdbsam

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

[homes]
   comment = Home Directories
   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
   valid users = %S

[public]

comment = Programas
browseable = yes
path = /ruta/directorio/compartido
valid users = mi_usuario
read only = no

3. Grabar y salir

4. (Desde cliente windows) Botón derecho sobre 'Mi pc'/'Conectarse a unidades de red'

5. (Desde cliente windows) Introducir: 'ip_servidor_samba\pulbic'. Por ejemplo:

192.168.1.2\pulbic

6. (Desde cliente windows) Introducir usuario y contraseña de usuario de sistema 'mi_usuario'

Se debería poder ver el directorio compartido.

Reiniciar servicio

/etc/init.d/samba restart

Reglas para cortafuegos

iptables -A INPUT -p udp -m udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 138 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

Acceso desde linux

  • Montar unidad:
mount.cifs //<hostname>/<share> <mount_point> -o user=<username>,password=<password>
  • Desde fstab

1) (Todo como root) Crear un archivo con las credenciales de samba:

nano /etc/credenciales_samba

Con el siguiente contenido:

username=<username>
password=<password>

2) Anyadir la siguiente linea a /etc/fstab:

//<hostname>/<share> <mount_point> cifs credentials=/etc/credenciales_samba,rw,user,noauto 0 0
informatica/linux/samba.1300220783.txt.gz · Last modified: 2015/04/13 20:19 (external edit)