What is SAMBA? Samba - first steps Support for the samba network environment.

Nowadays, quite often on the same local network you can find computers running Linux control and Windows. The reasons for this symbiosis can be different: for example, the owners of an Internet cafe did not have enough funds to purchase a licensed OS for all computers, or the system administrator was simply attracted by the positive aspects of Linux. The popularity of Microsoft operating systems is largely determined by client software for Windows. It's no secret that this software sector is very developed. Many companies have made serious efforts to this and have created really good, and most importantly, easy-to-use programs that even an ordinary user can easily master. But as a server, Windows’ position is no longer so clear. A server running Unix is ​​traditionally characterized by reliability, stable operation, security and often lower requirements for system resources. But in any case, simply connecting computers with different software platforms to the network will not get the expected result. The problem is that these two systems use different principles for organizing network resources that are incompatible with each other.
Since there is no need to wait for Microsoft's mercy, and Windows is unlikely to learn to work with the Unix network file system (NFS) using standard means, and, to be honest, I don't know third-party programs, the most popular way is to try to teach Unix to “pretend” that if it were Windows NT.

Interaction in a network of computers running Windows is based on the use of the protocol SMB (Server Message Block)- blocks of server messages. It ensures that all the tasks necessary in these cases are performed: opening and closing, reading and writing, searching for files, creating and deleting directories, setting a print job and deleting it from there. All actions necessary for this are implemented in Unix-like operating systems using the package SAMBA. Its capabilities can be divided into two categories: provision of resources (by which we mean access to the printer system and files) for Windows clients and access to client resources. That is, a computer running Linux can act as both a server and a client. First, let's consider the SAMBA server option.

What should SAMBA provide for normal operation of Windows machines on a network? First, access control, which can be implemented either at the resource level (share level), when a password and corresponding usage rules are assigned to any resource on the network (for example, “read only”), while the user name has absolutely no no meaning; or a more advanced and flexible organization at the user level, when an account is created for each user, which, in addition to the name and password, contains all the necessary information about access rights to the resource. Before gaining access to the required resource, each user is authenticated, after which he is granted rights according to his accounts. Secondly, emulation of access rights determined by the file system is necessary. The thing is that the systems in question have access rights to files and directories on the disk differently. In Unix, there are traditionally three categories of file users: owner, group And the rest (other). Each of these entities may be provided read permissions, write And execution. In Windows NT, the access system is somewhat more flexible; access is granted to several groups or users, and the corresponding access rights are determined separately for each subject. Therefore, it is impossible to fully emulate the access rights inherent in NTFS using SAMBA.

With clients running Windows 9x, the situation is different. Since the time of the grandfather of DOS, due to the fact that the system is single-user and there could be no talk of any users, much less groups, only four attributes have been defined for the FAT file system - read only, system, archive and hidden. Plus, in Windows, unlike Unix, it has special meaning file extension - those that are intended to be executed have the extensions .exe, .com or .bat. When copying files from Unix machines to computers running Windows control attributes are set like this:

only for reading- reading, writing for the owner;

archival- execution for the owner;

systemic- execution for the group;

hidden - execution for the group.

A network of Windows machines can be organized as a workgroup, when the computers are independent of each other and each has its own database of passwords and logins with its own security policy, and also as an NT domain. The entire basis for user and computer authentication is managed primary domain controller (PDC, Primary Domain Controller), i.e. centralized. Samba allows you to restrict access at all these levels and acts as a "master browser" in the context working group or domain controller.

We have sorted out the general organizational issues. Let's now look specifically at the implementation and configuration of a SAMBA server in Linux. For the Samba server to work, two daemons must be running: smbd, which provides a print and file sharing service for Samba clients (such as Windows of all stripes), and nmbd, which powers the NetBIOS name service (it can also be used to query other name service daemons). The protocol is used to access clients TCP/IP. Typically, Samba is installed with a Linux distribution. How to check? Just give the command:

and you should get something like this:

Samba: /usr/sbin/samba /etc/samba /usr/share/man/man7/samba.7.gz

If it is not included in the standard distribution, then welcome to ftp://ftp.samba.org/pub/samba/samba-latest.tar.gz or almost any server with programs for Linux. The package is easy to install, so in order not to take up space, we will assume that you have it installed. Now let's check if the daemon is running:

$ ps -aux | grep smbd root 1122 0.0 0.6 4440 380 ? S 16:36 0:00 smbd -D

As you can see, I already have it running. If you don’t have it, and you want it to start when the system boots, then in Linux Mandrake, for example, check the desired box in DrakConf- starting services or in Red HatСontrol-panel- Service Configuration, usually this is enough. Or start manually: ./etc/rc.d/init.d/smb start. The only Samba configuration file is called smb.conf and is usually located in the /etc directory (although in AltLinux, for example, it is in the /etc/samba directory). The SAMBA service reads it every 60 seconds, so changes made to the configuration take effect without rebooting, but do not apply to already established connections.

This is why I love Linux, because the configuration files are plain text (and well commented inside), and in order to use most of the parameters, you just need to uncomment the corresponding line. The smb.conf file is no exception. It consists of named sections starting with the section name enclosed in square brackets. Inside each section there are a number of parameters in the form key=value. The configuration file contains four special sections: , and separate resources (shares). As the name suggests, the section contains the most general characteristics that will apply everywhere, but which, however, can then be overridden in sections for individual resources. Some parameters in this section are also relevant to configuring the Samba client part.

Values ​​of typical section parameters global:

Workgroup = group_name # name of the workgroup on the Windows network netbios name = name of the server on the network server string = comment that is visible in the network browsing properties window guest ok = yes # allowing guest login (guest ok = no - guest login is prohibited) guest account = nobody # name under which guest login is allowed security = user # Access level. user - at the user level, security = share - authentication based on username and password. When storing the password database on another SMB server, the values ​​security = server and password server = name_server_NT are used. If the server is a member of a domain, the value security = domain is used, the access password is specified in the file defined using the smb passwd file = /path/to/file option.

In addition, during registration you can use encrypted and unencrypted (plain-text) passwords. The latter are used in older Windows (Windows for Workgroups, Windows 95 (OSR2), all versions of Windows NT 3.x, Windows NT 4 (up to Service Pack 3)). To enable the option to use an encrypted password, use the encrypt password = yes option. Please pay special attention to this option. On older Linux distributions that were built during the Windows 95 era (and with an older version of Samba), password encryption is disabled by default, and samba before version 2.0 does not support this mode at all (by the way, this option and similar ones - those that do not relate to access to specific resources - are also used in the client).

To correctly display Russian file names, the following options are needed: client code page = 866 and character set = koi8-r. In distributions with good localization, for example, derivatives from Mandrake and Russian ones, this line is already there; sometimes it’s enough just to uncomment it, but in most others you have to add it yourself.

The interfaces = 192.168.0.1/24 option specifies which network (interface) the program should run on if the server is connected to several networks at once. When setting the bind interfaces only = yes parameter, the server will only respond to requests from these networks.

hosts allow = 192.168.1. 192.168.2. 127. - defines clients for whom access to the service is allowed.

In the global section, you can use various variables for more flexible configuration of the server. After the connection is established, real values ​​are substituted instead. For example, in the log file = /var/log/samba/%m.log directive, the %m parameter helps define a separate log file for each client machine. Here are the most common variables used in the global section:

%a - OS architecture on the client machine (possible values ​​- Win95, Win NT, UNKNOWN, etc.);

%m - NetBIOS name of the client computer;

%L - NetBIOS name of the SAMBA server;

%v - SAMBA version;

%I - IP address of the client computer;

%T - date and time;

%u - name of the user working with the service;

%H is the home directory of user %u.

Also, for more flexible configuration, the include directive is used, using the above variables. For example: include = /etc/samba/smb.conf.%m - now when you request sales from a computer and there is a file /etc/samba/smb.conf.sales, the configuration will be taken from this file. If separate file for some machine will not be, then a common file will be used to work with it.

# sudo vim /etc/samba/sambacreds username=proft password=1 username=noboy password=

Set the access rights to 0600

Sudo chmod 0600 /etc/samba/sambacreds

New mount line

Mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101

And an example for /etc/fstab

//192.168.24.101/public /home/proft/shares/public cifs noauto,username=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101 0 0

You can open the resource in the Nautilus/Nemo/etc file manager using this path smb://192.268.24.101.

If Nemo writes Nemo cannot handle "smb" locations. it means the package is missing gvfs-smb.

Access to the server with Windows and Android client

Under Windows, you can find out the workgroup from the console using

Net config workstation

You can open resources on a remote machine by typing the UNC address in the Explorer line or in Run (Start - Run): \192.168.24.101 .

On Android you can connect to the server using ES File Explorer, on the Network tab, add a server, simply by IP (without specifying the scheme, smb). After which you can open the shared resources. For statistics: an HDRIP movie runs without any slowdown.

Additional reading

Or maybe it’s just interest and curiosity that push users to search for various suitable software. Samba is one such software. You need to know how to set up Samba on Ubuntu Server if you want to turn your computer into a database or file storage.

Installing Samba on Ubuntu Server makes it possible to create a database.

If you thought that the page was dedicated to learning dance, you were slightly mistaken. Samba is free software. It provides access to printers and files. And it does this on various operating systems.

What is it for?

In comparison with other software packages for similar purposes, Samba has several advantages and features.

• Allows you to connect a Unix-like system, i.e., any Linux and Windows system, to each other. And not only Windows. The program is very “omnivorous”: MacOS, Solaris and other operating systems of varying degrees of popularity.
• Samba allows Windows users to use Ubuntu computers as a server. That is, use the files to which access has been established, as well as some of the connected devices.
• Supports the NT Domain domain structure, manages NT users, supports member and primary controller functions.

Probably, for many, the main thing from this is communication with Windows machines. In this case, they act as a client, and the Ubuntu computer acts as a server. On the other side, Ubuntu user can also access Windows network folders.

Samba has been produced since 1992. And, most importantly, new versions are still being released. The last one was released on March 7, 2017. Every year, developers try to improve compatibility big amount different versions of operating systems, but the main feature remains the connection of Linux systems with Microsoft. Compared to Windows Server, Samba may be inferior to it due to the lack of support for some protocols and host infrastructure. However, many argue that the speed of Samba is much higher.

Setting up Samba

Before setting up, the program must be installed. Installing Samba is done in the same way as with other programs - by entering the command into the terminal:

sudo apt-get install samba

Please note right away: all the steps that will be described, including installing the program, can be performed as follows: simple Ubuntu, and on Ubuntu Server. Only the latter has an exclusively text interface available.

After installation you should do backup file configurations:

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

$ sudo vi /etc/samba/smb.conf

Or we edit an existing one. This file contains the basic settings of the Samba server. To figure out what we'll do next, we need to understand what the different lines mean.

• Workgroup - working group. The value of this parameter will also often be Workgroup, since in Windows the default workgroup domain looks like this.
• Netbios name is the name of the Ubuntu computer as seen by Windows users. Here you can enter the value at your discretion.
• Security - user authorization mode. The default is User, that is, authentication at the user level. For now, it's best to leave it that way.
• Os level - indicates the priority that Samba has over other clients (PCs) on the local or Internet network.
• Name resolve order - order of IP address resolution by NetBIOS name.
• Read only - privilege to read or write a directory. The value can be “yes” - read only, “no” - write.

Create a user

This is the simplest action with which you can start working with Samba.

Add a user in the OS itself:

$ useradd -M -l -s /sbin/nologin username

Let's create a password for it:

Let's add our user to the Samba database:

$ smbpasswd -a username

You can use the $ smbpasswd command to perform other various actions:

• $ smbpasswd username - change password
• $ smbpasswd -x username - delete a user
• $ smbpasswd -d username - ban user

The server must be rebooted if you make changes to the configuration file. This is done using the command:

$ systemctl restart smb

These are the basic Samba settings. Now you can try to put the program into practice.

Folder access

First, let's try to create a folder that will be accessible to all users, even those who are not authorized in Samba.

We create a folder with which we will then work on two computers:

$ sudo mkdir -p /samba/access

Now we are making extended access for this folder so that any client of ours can open it local network:

$cd/samba
$ sudo chmod -R 0755 access
$ sudo chown -R nobody:nogroup access/

The owner according to the code is nobody.

Now in the server configuration file you need to make two sections: the first one containing basic information:

Workgroup = WORKGROUP
server string = Samba Server %v
netbios name = srvr1
security = user
map to guest = bad user
name resolve order = bcast host
dns proxy = no
#==============
And the second one, containing data about the access folder:

Path = /samba/access
browsable =yes
writable = yes
guest ok = yes
read only = no

The sections follow one after another in the same order.

Update server changes:

$ sudo service smbd restart

Actions with a Windows computer

On Windows, you also need to perform some steps so that you can easily open a new shared folder and edit it.

1. Opening command line. It is advisable to do this with extended rights, i.e. as an administrator.
2. We execute the command:
3. notepad C:\Windows\System32\drivers\etc\hosts
4. A file opens in which we enter the following line:
5. 168.0.1 srvr1.domain.com srvr1
   Thanks to it, the folder will become accessible.
6. You can open it using the “Run” line. Press Win + R, enter: After this, a folder will open for us.

Closed folder

A configured Samba server can also be used to create network folders with limited access. Such a folder must also be created first and then added to the Samba configuration.

Let's make a folder called "Closed":

$ sudo mkdir -p /samba/allaccess/closed

Let's create a special group that can have access to this folder:

$ sudo addgroup securedgroup

We create special rights for different groups:

$ cd /samba/access
$ sudo chown -R richard:securedgroup closed
$ sudo chmod -R 0770 closed/

Just as in the case of an open folder, we add information to the configuration:

Path = /samba/access/closed
valid users = @securegroup
guest ok = no
writable = yes
browsable = yes

We restart the server.

As you can understand, we created a Closed folder inside Access. Thus, Access can be opened by every user on the local network, but in order to view and edit Closed, you need to have special rights.

To make sure that everything works exactly as we specified in the batch file, you can perform a few simple steps.