This is an old revision of the document!
Table of Contents
samba
samba smb nmbd
Servidor de archivos e impresoras para clientes windows
Instalación
aptitude update && aptitude-install samba
Contestar las opciones marcadas a:
- Grupo de trabajo
- Algo relacionado con servidor DHCP
Creación de usuarios
1. Creamos un usuario, que creo que tiene que existir en el sistema:
sudo smbpasswd -a mi_usuario
2. Introducir 2 veces la contraseña
Compartir directorio
En este ejemplo vamos a hacer accesible el directorio '/ruta/directorio/compartido' de la máquina donde está instalado samba a través del usuario de sistema 'mi_usuario' a cualquier cliente windows conectado a esa red.
1. Renombrar el archivo de configuración por defecto de samba:
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original
2. Crear uno limpio:
sudo vim /etc/samba/smb.conf
Con el siguiente contenido:
#======================= Global Settings ======================= [global] # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = WORKGROUP # server string is the equivalent of the NT Description field server string = %h server # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # This tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Cap the size of the individual log files (in KiB). max log size = 1000 # We want Samba to log a minimum amount of information to syslog. Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log # through syslog you should set the following parameter to something higher. syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d # You may wish to use password encryption. See the section on # 'encrypt passwords' in the smb.conf(5) manpage before enabling. encrypt passwords = true # If you are using encrypted passwords, Samba will need to know what # password database type you are using. passdb backend = tdbsam obey pam restrictions = yes # This boolean parameter controls whether Samba attempts to sync the Unix # password with the SMB password when the encrypted SMB password in the # passdb is changed. unix password sync = yes # For Unix password sync to work on a Debian GNU/Linux system, the following # parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for # sending the correct chat script for the passwd program in Debian Sarge). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # This boolean controls whether PAM will be used for password changes # when requested by an SMB client instead of the program listed in # 'passwd program'. The default is 'no'. pam password change = yes [homes] comment = Home Directories browseable = no # By default, the home directories are exported read-only. Change the # next parameter to 'no' if you want to be able to write to them. read only = yes # File creation mask is set to 0700 for security reasons. If you want to # create files with group=rw permissions, set next parameter to 0775. create mask = 0700 # Directory creation mask is set to 0700 for security reasons. If you want to # create dirs. with group=rw permissions, set next parameter to 0775. directory mask = 0700 # By default, \\server\username shares can be connected to by anyone # with access to the samba server. # The following parameter makes sure that only "username" can connect # to \\server\username # This might need tweaking when using external authentication schemes valid users = %S [public] comment = Programas browseable = yes path = /ruta/directorio/compartido valid users = mi_usuario read only = no
3. Grabar y salir
4. (Desde cliente windows) Botón derecho sobre 'Mi pc'/'Conectarse a unidades de red'
5. (Desde cliente windows) Introducir: 'ip_servidor_samba\pulbic'. Por ejemplo:
192.168.1.2\pulbic
6. (Desde cliente windows) Introducir usuario y contraseña de usuario de sistema 'mi_usuario'
Se debería poder ver el directorio compartido.
Reiniciar servicio
/etc/init.d/samba restart
Reglas para cortafuegos
iptables -A INPUT -p udp -m udp --dport 137 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 138 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
Acceso desde linux
- Montar unidad:
mount.cifs //<hostname>/<share> <mount_point> -o user=<username>,password=<password>
- Desde fstab
1) (Todo como root) Crear un archivo con las credenciales de samba:
nano /etc/credenciales_samba
Con el siguiente contenido:
username=<username> password=<password>
2) Anyadir la siguiente linea a /etc/fstab:
//<hostname>/<share> <mount_point> cifs credentials=/etc/credenciales_samba,rw,user,noauto 0 0