User Tools

Site Tools


doc:uci:samba

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:uci:samba [2013/02/19 04:29]
hcc23 Added a note on the necessity for matching permissions.
doc:uci:samba [2015/12/02 00:50] (current)
cmcaine [Common Options] Added interface section to example for extra visibility.
Line 1: Line 1:
 +======Samba (smb)======
 +For installation instructions see [[doc:​howto:​cifs.server|Samba How To]]
 +
 +=====UCI configuration options=====
 +The UCI configuration file is located at /​etc/​config/​samba. Be extremely careful editing this file by hand - the samba shell interface (/​etc/​init.d/​samba restart) will ignore invalid options, but LuCI Services/​Network Shares will bring up an error like this:
 +<​code>/​usr/​lib/​lua/​luci/​dispatcher.lua:​449:​ Failed to execute cbi dispatcher target for entry '/​admin/​services/​samba'​.
 +</​code>​
 +
 +:!: It is hence** strongly recommended** that you use LuCI to establish the initial configuration and then edit the template file (/​etc/​samba/​smb.conf.template) via LuCI Edit Template tab or from the shell as needed.
 +
 +If luci-app-samba not working or can't find in web gui - > type "rm /​tmp/​luci-indexcache"​ or restart router.
 +
 +==== Common Options ====
 +
 +The config section type ''​samba''​ determines values and options relevant to the overall operation of samba. The following table lists all available options, their default value and respectively a short characterization. See [[http://​www.samba.org/​samba/​docs/​man/​manpages-3/​smb.conf.5.html#​idp58030944|smb.conf man page]] for further details.
 +
 +These are the default settings for the common options:
 +
 +<​code>​config '​samba'​
 +        option '​name'​ '​OpenWrt'​
 +        option '​workgroup'​ '​OpenWrt'​
 +        option '​description'​ 'Samba on OpenWrt'​
 +        option '​charset'​ '​UTF-8'​
 +        option '​homes'​ '​0'​
 +        option '​interface'​ '​loopback lan'
 +</​code>​
 +<​sortable>​
 +^ Name ^ Type ^ Required ^ Default ^ Option ^ Description ^
 +| ''​name''​ | string | no | hostname or OpenWrt |  | Name of the Server ​ |
 +| ''​workgroup''​ | string | no | hostname or OpenWrt |  | Name of the Workgroup |
 +| ''​description''​ | string | no | Samba on hostname or OpenWrt |  | Description of the Server |
 +| ''​charset''​ | string | no | UTF-8 |  | Display charset & unix charset |
 +| ''​homes''​ | boolean | no | 0 | 0, 1 | Share the user directory |
 +| ''​interface''​ | string | no | loopback lan |  | Interfaces samba should listen on. Syntax: "<​uci-interface-name>​ <​uci-interface-name>​ ...". Note, that it is __not__ of type list. |
 +</​sortable>​
 +
 +==== Sambashare ====
 +The daemons are up and running and recheable via NetBIOS. Now you only need to configure the directories you intend to make accesible to users in your LAN. This example assumes you attached a USB harddisk to the USB-Port and //​correctly//​ mounted a partition. You can now choose to share the partition as a whole, or just individual directories on it. Fo each entry you need to create an individual config '​sambashare'​ section.
 +
 +<​code>​config '​sambashare'​
 +        option '​name'​ '​Shares'​
 +        option '​path'​ '/​mnt/​sda3'​
 +#       ​option '​users'​ '​sandra'​
 +        option '​guest_ok'​ '​yes'​
 +        option '​create_mask'​ '​0700'​
 +        option '​dir_mask'​ '​0700'​
 +        option '​read_only'​ '​yes'​
 +</​code>​
 +
 +<​sortable>​
 +^ Name ^ Type ^ Required ^ Default ^ Option ^ Description ^
 +| ''​name''​ | string | yes | //(none)// |  | Name of the entry. Will be shown in the filebrowser. |
 +| ''​path''​ | file path | yes | //(none)// | | The complete path of the directory. [[http://​www.samba.org/​samba/​docs/​man/​manpages-3/​smb.conf.5.html#​PATH|path]] |
 +| ''​users''​ | string | no | guest account or from global template | | the samba-users allowed access to this entry; use ''​smbpasswd''​ to create a user-pwd combination! Several users can be specified, separated by a coma (ex : option '​users'​ '​root,​nobody'​ ). Translated to [[http://​www.samba.org/​samba/​docs/​man/​manpages-3/​smb.conf.5.html#​VALIDUSERS|valid users]]. |
 +| ''​read_only''​ | string | no | yes or from global template | no, yes | no allows for read/write, else only read access is granted; (for rw, you also need to mount fs rw!). [[http://​www.samba.org/​samba/​docs/​man/​manpages-3/​smb.conf.5.html#​READONLY|read only]]. |
 +| ''​guest_ok''​ | string | no | no or from global template | no, yes | Specifies if you need to login via samba-username and password to access this share. [[http://​www.samba.org/​samba/​docs/​man/​manpages-3/​smb.conf.5.html#​GUESTOK|guest ok]]. |
 +| ''​create_mask''​ | integer | no | 0744 or from global template | | chmod mask for files created (need write access). [[http://​www.samba.org/​samba/​docs/​man/​manpages-3/​smb.conf.5.html#​CREATEMASK|create mask]] |
 +| ''​dir_mask''​ | integer | no | 0755 or from global template | | chmod mask for directories created (need write access). [[http://​www.samba.org/​samba/​docs/​man/​manpages-3/​smb.conf.5.html#​DIRECTORYMASK|directory mask]]. |
 +|  | | | | |  |
 +</​sortable>​
 +
 +
 +
 +===== Additional Configuration Options =====
 +==== Common Options ====
 +In addition to the UCI file (''/​etc/​config/​samba''​),​ modifications can be made to the ''/​etc/​samba/​smb.conf.template''​ file.
 +==== Sambashare ====
 +Modifications can be made to the ''/​etc/​samba/​smb.conf.template''​ file, based on ''/​var/​etc/​smb.conf''​ file, created by ''/​etc/​init.d/​samba''​.
 +
 +The full section from ''/​var/​etc/​smb.conf''​ should be added to ''/​etc/​samba/​smb.conf.template''​ and removed from UCI.
 +
 +For example:<​code bash>uci show samba | grep name
 +samba.@sambashare[0].name=over9000
 +sed -e '/​\[over9000\]/,/​^$/​ !d' /​var/​etc/​smb.conf >> /​etc/​samba/​smb.conf.template
 +uci delete samba.@sambashare[0]
 +uci commit samba
 +/​etc/​init.d/​samba restart</​code>​
 +
 +In a second approach ''/​etc/​init.d/​samba''​ could also be edited for spit whatever to ''/​var/​etc/​smb.conf''​ associated with UCI.
 +
 +For example, hack once:<​code bash>sed -i -e '/​dir_mask/​p;​s/​dir_mask\|directory mask/​browsable/​g'​ /​etc/​init.d/​samba</​code>​
 +Then, anytime:<​code bash>uci show samba | grep name
 +samba.@sambashare[0].name=over9000
 +uci set samba.@sambashare[0].browsable=no
 +uci commit samba
 +/​etc/​init.d/​samba restart
 +cat /​var/​etc/​smb.conf</​code>​
 +
 +===== Configuration examples =====
 +Samba can be configured at either share level access or user level access. ​ At share level access all users on the network can access the share, and all files are shared with all users. ​ At user level access a username and password are needed to access the share. ​ By default Samba is configured for user level access.
 +
 +These configurations have proven to work for some:
 +
 +==== Share level access ====
 +At share level access all users on the network can access the share, and all files are shared with all users. To set share level access change ''​security = user''​ to ''​security = share''​ in ''/​etc/​samba/​smb.conf.template'':​
 +
 +<​code>​[global]
 + netbios name = |NAME| ​
 + workgroup = |WORKGROUP|
 + server string = |DESCRIPTION|
 + syslog = 10
 + encrypt passwords = true
 + passdb backend = smbpasswd
 + obey pam restrictions = yes
 + socket options = TCP_NODELAY
 + unix charset = ISO-8859-1
 +        local master = yes
 + preferred master = yes
 + os level = 20
 + security = share
 + guest account = nobody
 + invalid users = root
 + smb passwd file = /​etc/​samba/​smbpasswd</​code>​
 +
 +Then add a share to ''/​etc/​config/​samba''​. Make sure that ''​guest ok''​ is set to ''​yes''​
 +<​code>​config '​samba'​
 + option '​name'​ '​openwrt'​
 + option '​workgroup'​ '​WORKGROUP'​
 + option '​description'​ '​openwrt'​
 + option '​homes'​ '​1'​
 +
 +config '​sambashare'​
 + option '​read_only'​ '​no'​
 + option '​create_mask'​ '​0700'​
 + option '​dir_mask'​ '​0700'​
 + option '​name'​ '​name-of-share'​
 + option '​path'​ '/​path/​of/​share'​
 + option '​guest_ok'​ '​yes'</​code>​
 +
 +This share should now be accessible by ''​\\ip-adress-openwrt\name-of-share''​ (windows, username and password can be anything).
 +
 +==== User level access ====
 +At user level access a username and password are needed to access the share.
 +
 +Steps:
 +
 +=== 1. Add user to system ===
 +To access a samba share with user level access there must be a user added to the system. Edit ''/​etc/​passwd''​ and add a line for the new user. Choose a user id (the first number in the line) of 1000 or higher that does not exist yet. Set the group identification number (the second number) to the same number as the user nobody. Copy the rest.
 +<​code>​root:​!:​0:​0:​root:/​root:/​bin/​ash
 +nobody:​*:​65534:​65534:​nobody:/​var:/​bin/​false
 +daemon:​*:​65534:​65534:​daemon:/​var:/​bin/​false
 +newuser:​*:​1000:​65534:​newuser:/​var:/​bin/​false</​code>​
 +
 +**Note:** keep in mind that the user(s) and group(s) utilized by Samba need to have the proper permissions for their shares, i.e. they need write access in order to write via smb.
 +
 +=== 2. Add samba password to user ===
 +''​smbpasswd -a newuser''​
 +=== 3. Change samba config to accept users with null passwords ===
 +Edit ''/​etc/​samba/​smb.conf.template''​ and add ''​null passwords = yes'':​
 +
 +<​code>​[global]
 + netbios name = |NAME| ​
 + workgroup = |WORKGROUP|
 + server string = |DESCRIPTION|
 + syslog = 10
 + encrypt passwords = true
 + passdb backend = smbpasswd
 + obey pam restrictions = yes
 + socket options = TCP_NODELAY
 + unix charset = ISO-8859-1
 +        local master = yes
 + preferred master = yes
 + os level = 20
 + security = user
 + null passwords = yes
 + guest account = nobody
 + invalid users = root
 + smb passwd file = /​etc/​samba/​smbpasswd</​code>​
 +=== 4. Add a share ===
 +Then add a share to ''/​etc/​config/​samba''​. Make shure that ''​guest ok''​ is set to ''​no''​
 +<​code>​config '​samba'​
 + option '​name'​ '​openwrt'​
 + option '​workgroup'​ '​WORKGROUP'​
 + option '​description'​ '​openwrt'​
 + option '​homes'​ '​1'​
 +
 +config '​sambashare'​
 + option '​read_only'​ '​no'​
 + option '​create_mask'​ '​0700'​
 + option '​dir_mask'​ '​0700'​
 + option '​name'​ '​name-of-share'​
 + option '​path'​ '/​path/​of/​share'​
 + option '​guest_ok'​ '​no'</​code>​
 +
 +This share should now be accessible by ''​\\ip-adress-openwrt\name-of-share''​ (windows, correct username and password are needed).
 +
 +
 +
 +
 +
 +
 +
 +=====Notes=====
 +
 +If you use a trunk version and experience connection aborts take a look at this file ''/​etc/​samba/​samba.conf.template''​ and search for ''​reset on zero vc = yes''​
 +Remove this line or set it to ''​no''​.
 +
 +More information about this issue here: https://​dev.openwrt.org/​ticket/​9992
 +
 +
 +If your CPU is your samba bottleneck, disabling sendfile might help.
 +See http://​www.linksysinfo.org/​index.php?​threads/​speeding-up-the-samba-by-30.52240/​