samba

naos 2018/10/21 17:55

testé sur Debian Stretch

Installation des paquets

# apt install samba samba-client

Configuration de Samba

# cd /etc/samba
# mv smb.conf smb.conf.orig
# vim /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
netbios name = HOST
server string = Serveur de fichiers HOST
wins support = yes
dns proxy = yes
domain master = yes
log file = /var/log/samba/log.%m
log level = 1
max log size = 1000
bind interfaces only = yes
interfaces = 192.168.43.0/24 localhost
hosts allow = 192.168.43. 127.
security = user
passdb backend = tdbsam
unix password sync = no
invalid users = root
encrypt passwords = yes
guest account = smbguest
map to guest = bad user
force group = users
create mode = 0660
directory mode = 0770

[Public]
path = /srv/samba/public
comment = Partage Public
public = yes
only guest = yes
browseable = yes
read only = no

[Confidentiel]
path = /srv/samba/confidentiel
comment = Partage Confidentiel
read only = no
browseable = yes
invalid users = root nobody smbguest

[TOTO]
path = /srv/samba/TOTO
comment = Documents de TOTO
read only = no
browseable = yes
valid users = TOTO

Créez les répertoires de partage

# mkdir -pv -m 1777 /srv/samba/{public,confidentiel,TOTO}

Création d'un utilisateur public smbguest pour Samba

# useradd -c "Utilisateur Public Samba" -g users -d /dev/null   -s /sbin/nologin smbguest
# passwd -l smbguest
# smbpasswd -a smbguest -d

Dans le cas d'un utilisateur système existant

# usermod -a -G users TOTO
# smbpasswd -a TOTO

Dans le cas d'un nouvel utilisateur système

# useradd -c "TOTO MACHIN" -s /sbin/nologin -d /dev/null TOTO
# passwd -l TOTO
# usermod -a -G users TOTO
# smbpasswd -a TOTO

Afficher la liste des utilisateurs Samba

# pdbedit -L

Démarrez Samba

# systemctl enable smbd nmbd
# systemctl start smbd nmbd
# systemctl status smbd nmbd
ou
# systemctl start samba

Testez les paramètres

# testparm
ou
# testparm -v

Affichez la liste des partages disponibles

#  smbclient -L localhost -N
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.12-Debian]

	Sharename       Type      Comment
	---------       ----      -------
	Public          Disk      Partage Public
	TOTO            Disk      Documents de TOTO
	IPC$            IPC       IPC Service (Serveur de fichiers HOST)
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.12-Debian]

	Server               Comment
	---------            -------
	HOST       Serveur de fichiers HOST

	Workgroup            Master
	---------            -------
	WORKGROUP            HOST

Affichez les connections Samba en cours

# smbstatus

Samba version 4.5.12-Debian
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
----------------------------------------------------------------------------------------------------------------------------------------
15772   -1           -1           HOST (ipv4:192.168.43.112:55244) NT1               -                    -                    
15772   smbguest     users        HOST (ipv4:192.168.43.112:55244) NT1               -                    -                    

Service      pid     Machine       Connected at                     Encryption   Signing     
---------------------------------------------------------------------------------------------
IPC$         15772   HOST dim. oct. 21 14:51:09 2018 CEST  -            -           

No locked files

Affichez les connections Samba en cours par liste de partage

# smbstatus --shares

Samba version 4.5.12-Debian
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
----------------------------------------------------------------------------------------------------------------------------------------
5755    -1           -1           HOST (ipv4:192.168.43.112:58552) NT1               -                    -                    
5843    TOTO         TOTO         192.168.43.112 (ipv4:192.168.43.112:54272) NT1               -                    -                    
5753    -1           -1           HOST (ipv4:192.168.43.112:58550) NT1               -                    -                    
5753    smbguest     users        HOST (ipv4:192.168.43.112:58550) NT1               -                    -                    
5755    smbguest     users        HOST (ipv4:192.168.43.112:58552) NT1               -                    -                    
5765    smbguest     users        HOST (ipv4:192.168.43.112:58554) NT1               -                    -                    
5765    -1           -1           HOST (ipv4:192.168.43.112:58554) NT1               -                    -                    

Service      pid     Machine       Connected at                     Encryption   Signing     
---------------------------------------------------------------------------------------------
IPC$         5765    HOST dim. oct. 21 17:10:39 2018 CEST  -            -           
IPC$         5755    HOST dim. oct. 21 17:10:31 2018 CEST  -            -           
TOTO         5843    192.168.43.112 dim. oct. 21 17:15:57 2018 CEST  -            -           
IPC$         5753    HOST dim. oct. 21 17:10:30 2018 CEST  -            -           

No locked files

Obtenir la liste des partages visible d'un utilisateur

# net rpc share list -U TOTO
Enter TOTO's password:
TOTO
Public
Confidentiel
IPC$

Désactiver un utilisateur Samba

# smbpasswd -d TOTO

Supprimer un utilisateur Samba

# smbpasswd -x TOTO

Problèmes connus

A. Problème:

# systemctl start samba.service
Failed to start samba.service: Unit samba.service is masked.

A. Solution:

# rm /lib/systemd/system/samba.service 
# systemctl enable samba.service nmbd.service smbd.service
# systemctl start samba

B. Problème:

Les partages ne sont plus visibles

B. Solution:

# rm -R /var/cache/samba/
# systemctl restart samba

C. Problème:

[2018/10/22 13:38:42.968946,  0] ../source3/nmbd/nmbd_browsesync.c:251(domain_master_node_status_fail)
  domain_master_node_status_fail:
  Doing a node status request to the domain master browser
  for workgroup WORKGROUP at IP 192.168.1.7 failed.
  Cannot sync browser lists.

C. Solution:

# rm /var/cache/samba/browse.dat
# systemctl restart samba
  • samba.txt
  • Dernière modification: 2018/10/23 21:06
  • par naos