Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
web
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
cloud
web
Commits
c5915e76
Commit
c5915e76
authored
7 years ago
by
Paolino Paperino
Browse files
Options
Downloads
Patches
Plain Diff
2017-10-19: FG; Added Samba server configuration.
parent
53b2ed4c
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
web/support/kb/general/configureSamba.rst
+149
-0
149 additions, 0 deletions
web/support/kb/general/configureSamba.rst
with
149 additions
and
0 deletions
web/support/kb/general/configureSamba.rst
0 → 100644
+
149
−
0
View file @
c5915e76
Configure Samba server
======================
You have a Linux box `linuxhost` which you want to configure as a Samba server
for a Windows box `windowshost`.
.. warning:: For security reasons, your boxes should allow the Samba protocol only on a
(dedicated) private network. And/Or make sure `iptables` on `linuxhost` restricts
traffic to ports 139 and 445 only to `windowshost`.
What we aim to achieve
----------------------
The Linux box acts as a Samba server to the Windows box.
Two users, `smbrw` and `smbro` are allowed to connect, no guest access.
Two paths are served:
- `/home/pathRO`, visible in Windows as `datain`, with read-only access to everyone
- `/home/pathRW`, visible in Windows as `dataout`, with read-write access to user
`smbrw` and read-only access to user `smbro`
Configuration: pre-requisite
----------------------------
All following commands are to be executed on the Linux box.
Install the required packages::
$ apt-get install samba samba-common python-glade2 system-config-samba
Create Unix users. Since these users will be solely used by Samba, they do
not need to be able to connect directly to Linux, hence we make them non-interactive
by setting the shell to `/bin/false`::
$ addgroup smbgrp
$ adduser smbrw --shell /bin/false --ingroup smbgrp
$ adduser smbro --shell /bin/false --ingroup smbgrp
Make sure the paths being served exist and have the right privileges.
We omit the part relevant to the read-only path, but since such path most probably
already exists, you only need to make sure it is world-readable::
$ mkdir /home/pathRW
$ chown -R smbrw.smbgrp /home/pathRW
Create a path which will be referenced in the `smb.conf` file::
$ mkdir /etc/samba/private/
Restrict access to this server, via iptables. We assume package `iptables-persistent`
has been previously installed, so we just need to add these lines in file
`/etc/iptables/rules.v4`::
# Samba
-A INPUT -s <IP_of_windowshost>/32 -p tcp -m state --state NEW -m tcp -m multiport --dports 139,445 -j ACCEPT
Restart `iptables`::
$ service iptables-persistent restart
Configuration: Samba
--------------------
Create file `/etc/samba/smb.conf` with content similar to:
::
#
# Inspired by:
# - http://guide.debianizzati.org/index.php/SAMBA:_configurazione_lato_server
# - https://www.howtoforge.com/samba-server-ubuntu-14.04-lts
# - https://www.samba.org/samba/docs/using_samba/ch09.html
#
[global]
workgroup = WORKGROUP
server string = Samba Server test %v
netbios name = server test
security = user
map to guest = bad user
dns proxy = no
username map = /etc/samba/private/utenti.map
smb passwd file = /etc/samba/private/smbpasswd
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
#============================ Share Definitions ==============================
# [Anonymous]
# path = /home/anonymous
# browsable =yes
# writable = yes
# guest ok = yes
# read only = no
[datain]
path = /home/pathRO
comment = Read-only FS
valid users = smbrw, smbro
read only = yes
[dataout]
path = /home/pathRW
comment = Read-write FS
valid users = smbrw, smbro
read only = no
write list = smbrw
read list = smbro
directory mask = 0755
create mask = 0644
If you really want some form of anonymous access, consider editing the section `Anonymous`
in the example above.
Check the configuration file is OK::
$ testparm
Create Samba passwords for your users::
$ smbpasswd -a smbrw
$ smbpasswd -a smbro
Verify
------
On `linuxhost`::
$ smbclient -L localhost
On `windowshost` open `File Explorer` and try to connect to::
\\<IP_of_linuxhost\
a pop-up should appear asking you credentials for connection.
If you want to also test the second account, open a command prompt and
execute::
$ net use
$ net use \\<IP_of_linuxhost>\<network_path> /del
or more simply::
$ net use * /del
then go back to `File Explorer` and connect again.
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment