User Tools

Site Tools


doc:howto:cifs.server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:cifs.server [2012/11/04 20:33]
guru4hp
doc:howto:cifs.server [2014/12/15 11:49] (current)
mforkel use DokuWiki syntax to escape double slash
Line 1: Line 1:
 ====== Samba ====== ====== Samba ======
-Samba is a FOSS re-implementation of [[wp>​Server Message Block|SMB/​CIFS]]. As of version 3, Samba provides file and print services over network which can be accessed by Windows, Unix and MacOS X clients. Alternatives are [[nfs.server|NFS]] and [[sshfs.server|SSHFS]].+Samba is a free and open-source ​implementation of [[wp>​Server Message Block|SMB/​CIFS]]. As of version 3, Samba provides file and print services over network which can be accessed by Windows, Unix and MacOS X clients. Alternatives are [[nfs.server|NFS]] and [[sshfs.server|SSHFS]]
 + 
 +:!: It is hence **strongly recommended** that you use LuCI to establish the initial configuration and then edit the template file (/​etc/​samba/​smb.conf.template) via LuCI Edit Template tab or from the shell as needed. 
 + 
 +If luci-app-samba not working or can't find in web gui - > type "rm /​tmp/​luci-indexcache"​ or restart router
  
 ===== Preparations ===== ===== Preparations =====
Line 46: Line 50:
 <​code>/​etc/​init.d/​samba restart</​code>​ <​code>/​etc/​init.d/​samba restart</​code>​
  
-**''​Info:''​** When samba is restarted that way, the file ''/​etc/​samba/​smb.conf''​ is created/​recreated conform to the uci configuration file, and the new settings will take effect.+**''​Info:''​** When samba is restarted that way, the file ''/​etc/​samba/​smb.conf''​ is created/​recreated conform to the uci configuration file and ''/​etc/​samba/​smb.conf.template''​, and the new settings will take effect.
  
 +Create samba users by adding them to /etc/passwd and /etc/group then using ''​smbpasswd''​ to set passwords and add to samba. Setup shared directories permissions according to your needs using ''​chown''​ and ''​chmod''​. Any unknown usernames used for authentication against samba are mapped to a guest login silently by default.
  
 ==== Custom configuration surpassing the UCI configuration ==== ==== Custom configuration surpassing the UCI configuration ====
Line 92: Line 97:
  
 ==== Set security to share ==== ==== Set security to share ====
-Some hints in advance: If you installed all needed packages, configured samba per UCI and it still does not work at all, have a look at the file /​etc/​samba/​smb.conf.template. Change the entry //​security//​ from ''​user''​ to ''​share'',​ restart the daemons and try accessing it directly: In //windows explorer// type ''​\\router_ip''​ in the address bar. In //​nautilus//​ or //dolphin// press <​CTRL>​+<​L>​ and type ''​smb://​router_ip/''​ into the address bar.+Some hints in advance: If you installed all needed packages, configured samba per UCI and it still does not work at all, have a look at the file /​etc/​samba/​smb.conf.template. Change the entry //​security//​ from ''​user''​ to ''​share'',​ restart the daemons and try accessing it directly: In //windows explorer// type ''​\\router_ip''​ in the address bar. In //​nautilus//​ or //dolphin// press <​CTRL>​+<​L>​ and type ''​smb:​%%//%%router_ip/''​ into the address bar.
  
 Instead of looking up the whole configuration step by step, you maybe want to have a look at [[http://​samba.org/​samba/​docs/​man/​Samba-Guide/​ExNetworks.html|Samba.org:​ Example Network Configurations]]. Chapter 1: No-Frills Samba Servers. Notice that you can already achieve a great deal of security by neatly setting up the [[doc:​uci:​firewall]] ​ 8-) Instead of looking up the whole configuration step by step, you maybe want to have a look at [[http://​samba.org/​samba/​docs/​man/​Samba-Guide/​ExNetworks.html|Samba.org:​ Example Network Configurations]]. Chapter 1: No-Frills Samba Servers. Notice that you can already achieve a great deal of security by neatly setting up the [[doc:​uci:​firewall]] ​ 8-)
Line 137: Line 142:
 Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting. Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting.
 <code bash> <code bash>
-$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 139 -j NOTRACK ​#​------------------ don't track SMB +$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 139 -j CT --notrack ​#​------------------ don't track SMB 
-$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 445 -j NOTRACK ​#​------------------ don't track SMB +$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 445 -j CT --notrack ​#​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 139 -j NOTRACK ​#​------------------ don't track SMB +$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 139 -j CT --notrack ​#​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 445 -j NOTRACK ​#​------------------ don't track SMB+$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 445 -j CT --notrack ​#​------------------ don't track SMB
 </​code>​ </​code>​
  
Line 180: Line 185:
 ===== Notes ===== ===== Notes =====
   * [[https://​forum.openwrt.org/​viewtopic.php?​pid=140976#​p140976|Samba user administration script]]   * [[https://​forum.openwrt.org/​viewtopic.php?​pid=140976#​p140976|Samba user administration script]]
 +  * [[https://​forum.openwrt.org/​viewtopic.php?​id=33510|Storage Administration Tool]]
  
doc/howto/cifs.server.1352057622.txt.bz2 · Last modified: 2012/11/04 20:33 by guru4hp