User Tools

Site Tools


doc:howto:cifs.server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:cifs.server [2012/12/04 16:32]
avalon
doc:howto:cifs.server [2015/05/16 17:44] (current)
somebody [Mac Network Discovery Issues]
Line 1: Line 1:
 ====== Samba ====== ====== Samba ======
-Samba is a FOSS re-implementation of [[wp>​Server Message Block|SMB/​CIFS]]. As of version 3, Samba provides file and print services over network which can be accessed by Windows, Unix and MacOS X clients. Alternatives are [[nfs.server|NFS]] and [[sshfs.server|SSHFS]].+Samba is a free and open-source ​implementation of [[wp>​Server Message Block|SMB/​CIFS]]. As of version 3, Samba provides file and print services over network which can be accessed by Windows, Unix and MacOS X clients. Alternatives are [[nfs.server|NFS]] and [[sshfs.server|SSHFS]]
 + 
 +:!: It is hence **strongly recommended** that you use LuCI to establish the initial configuration and then edit the template file (/​etc/​samba/​smb.conf.template) via LuCI Edit Template tab or from the shell as needed. 
 + 
 +If luci-app-samba not working or can't find in web gui - > type "rm /​tmp/​luci-indexcache"​ or restart router
  
 ===== Preparations ===== ===== Preparations =====
Line 93: Line 97:
  
 ==== Set security to share ==== ==== Set security to share ====
-Some hints in advance: If you installed all needed packages, configured samba per UCI and it still does not work at all, have a look at the file /​etc/​samba/​smb.conf.template. Change the entry //​security//​ from ''​user''​ to ''​share'',​ restart the daemons and try accessing it directly: In //windows explorer// type ''​\\router_ip''​ in the address bar. In //​nautilus//​ or //dolphin// press <​CTRL>​+<​L>​ and type ''​smb://​router_ip/''​ into the address bar.+Some hints in advance: If you installed all needed packages, configured samba per UCI and it still does not work at all, have a look at the file /​etc/​samba/​smb.conf.template. Change the entry //​security//​ from ''​user''​ to ''​share'',​ restart the daemons and try accessing it directly: In //windows explorer// type ''​\\router_ip''​ in the address bar. In //​nautilus//​ or //dolphin// press <​CTRL>​+<​L>​ and type ''​smb:​%%//%%router_ip/''​ into the address bar.
  
 Instead of looking up the whole configuration step by step, you maybe want to have a look at [[http://​samba.org/​samba/​docs/​man/​Samba-Guide/​ExNetworks.html|Samba.org:​ Example Network Configurations]]. Chapter 1: No-Frills Samba Servers. Notice that you can already achieve a great deal of security by neatly setting up the [[doc:​uci:​firewall]] ​ 8-) Instead of looking up the whole configuration step by step, you maybe want to have a look at [[http://​samba.org/​samba/​docs/​man/​Samba-Guide/​ExNetworks.html|Samba.org:​ Example Network Configurations]]. Chapter 1: No-Frills Samba Servers. Notice that you can already achieve a great deal of security by neatly setting up the [[doc:​uci:​firewall]] ​ 8-)
Line 138: Line 142:
 Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting. Since [[doc:​howto:​netfilter]] will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting.
 <code bash> <code bash>
-$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 139 -j NOTRACK ​#​------------------ don't track SMB +$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 139 -j CT --notrack ​#​------------------ don't track SMB 
-$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 445 -j NOTRACK ​#​------------------ don't track SMB +$IPT -t raw -A OUTPUT -o $IF_LAN -s $IP_LAN -p tcp --sport 445 -j CT --notrack ​#​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 139 -j NOTRACK ​#​------------------ don't track SMB +$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 139 -j CT --notrack ​#​------------------ don't track SMB 
-$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 445 -j NOTRACK ​#​------------------ don't track SMB+$IPT -t raw -A PREROUTING -o $IF_LAN -s $IP_LAN -p tcp --dport 445 -j CT --notrack ​#​------------------ don't track SMB
 </​code>​ </​code>​
  
Line 177: Line 181:
  
 </​code>​ </​code>​
 +
 +
 +==== Mac Network Discovery Issues ====
 +As the latest version of Mac OS X (Yosemite) has problems discovering SMB network shares broadcasted by each client over the LAN, you can set up a WINS server on your router which will help them out.
 +
 +A WINS server is a centralised name server for SMB network shares. The objective is to make the router the master browser which means it will discover SMB network shares then make them available over the WINS service. Macs will connect to the WINS service to receive the list of network shares, hopefully with more success than discovering network shares themselves.
 +
 +We will edit the UCI template (''/​etc/​samba/​smb.conf.template''​) instead of directly changing ''/​etc/​samba/​smb.conf''​ so as to maintain compatibility with UCI and LuCI.
 +
 +Log into LuCI, go to Services > Network Shares, go to the Edit Template tab, and add or change the following entries in the "​[global]"​ section in the template.
 +
 +<​code>​
 +[global]
 + domain master = yes
 + local master = yes
 + name resolve order = wins lmhosts hosts bcast
 + os level = 99
 + preferred master = yes
 + wins support = yes
 +</​code>​
 +
 +Finally Save & Apply the changes.
 +
 +You can also configure dnsmasq to broadcast the WINS server address via DHCP so that clients on the LAN don’t have to be manually configured.
 +
 +As there is no template editor in LuCI for ''/​etc/​config/​dhcp''​ it has to be edited in the terminal instead. ssh into your router then enter the following:
 +
 +<​code>​
 +root@router:/#​ cd /etc/config
 +root@router:/​etc/​config#​ vi dhcp
 +</​code>​
 +
 +Now add the following entry to the "​config '​dhcp'​ '​lan'"​ section in the template:
 +
 +<​code>​
 +...
 +config '​dhcp'​ '​lan'​
 + list '​dhcp_option'​ '​44,​192.168.1.1'​
 +...
 +</​code>​
 +
 +If your router has a different IP address to 192.168.1.1 then put your router'​s address.
 +
 +Use ":​wq"​ to save and quit then reboot the router (type ''​reboot''​ on the command line) and reboot the Macs. SMB network shares should appear in Network home a few minutes after rebooting the Mac.
  
  
 ===== Notes ===== ===== Notes =====
   * [[https://​forum.openwrt.org/​viewtopic.php?​pid=140976#​p140976|Samba user administration script]]   * [[https://​forum.openwrt.org/​viewtopic.php?​pid=140976#​p140976|Samba user administration script]]
 +  * [[https://​forum.openwrt.org/​viewtopic.php?​id=33510|Storage Administration Tool]]
  
 +===== Example =====
 +A video demonstration of how Samba 3.6 from the repositories can be installed on OpenWrt 14.07 Barrier Breaker: https://​www.youtube.com/​watch?​v=1tEROyfvkv4
doc/howto/cifs.server.1354635159.txt.bz2 · Last modified: 2012/12/04 16:32 by avalon