os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update Samba configuration information for the modern era.

Browse source 
PR:		197528
Submitted by:	Shawn Debnath <sd@beastie.io>
Differential Revision:	https://reviews.freebsd.org/D6086
This commit is contained in:
Warren Block 2016-06-03 18:36:04 +00:00
parent 0dd71013f3
commit 2d1a634039
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=48890
2 changed files with 75 additions and 100 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

173
en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
View file

@ -5065,89 +5065,60 @@ AddModule mod_php5.c
network.</para>
<para>A &os; system can also be configured to act as a
<application>Samba</application> server. This allows the
administrator to create <acronym>SMB/CIFS</acronym> shares on
<application>Samba</application> server by installing the
<package>net/samba43</package> port or package. This allows the
administrator to create <acronym>SMB</acronym>/<acronym>CIFS</acronym>shares on
the &os; system which can be accessed by clients running
&microsoft.windows; or the <application>Samba</application>
client libraries. In order to configure a
<application>Samba</application> server on &os;, the
<package>net/samba36</package> port or package must first be
installed. The rest of this section provides an overview of how
to configure a <application>Samba</application> server on
&os;.</para>
<!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. -->
client libraries.</para>
<sect2>
<title>Configuration</title>
<title>Server Configuration</title>
<para>A default <application>Samba</application> configuration
file is installed as
<filename>/usr/local/share/examples/samba36/smb.conf.default</filename>.
This file must be copied to
<filename>/usr/local/etc/smb.conf</filename> and customized
before <application>Samba</application> can be used.</para>
<para><application>Samba</application> is configured in
<filename>/usr/local/etc/smb4.conf</filename>. This file must
be created before <application>Samba</application>
can be used.</para>
<para>Runtime configuration information for
<application>Samba</application> is found in
<filename>smb.conf</filename>, such as definitions of the
printers and <quote>file system shares</quote> that will
be shared with &windows; clients. The
<application>Samba</application> package includes a web based
tool called <application>swat</application> which provides a
simple way for configuring
<filename>smb.conf</filename>.</para>
<para>A simple <filename>smb4.conf</filename> to share
directories and printers with &windows; clients in a
workgroup is shown here. For more complex setups
involving LDAP or Active Directory, it is easier to use
&man.samba-tool.8; to create the initial
<filename>smb4.conf</filename>.</para>
<sect3>
<title>Using the Samba Web Administration Tool (SWAT)</title>
<programlisting>[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
netbios name = ExampleMachine
wins support = Yes
security = user
passdb backend = tdbsam
<para>The Samba Web Administration Tool (SWAT) runs as a
daemon from <application>inetd</application>. Therefore,
<application>inetd</application> must be enabled as shown in
<xref linkend="network-inetd"/>. To enable
<application>swat</application>, uncomment the following
line in <filename>/etc/inetd.conf</filename>:</para>
<programlisting>swat stream tcp nowait/400 root /usr/local/sbin/swat swat</programlisting>
<para>As explained in <xref linkend="network-inetd-reread"/>,
the <application>inetd</application> configuration must be
reloaded after this configuration file is changed.</para>
<para>Once <application>swat</application> has been enabled,
use a web browser to connect to <uri
xlink:href="http://localhost:901">http://localhost:901</uri>.
At first login, enter the credentials for <systemitem
class="username">root</systemitem>.</para>
<!-- XXX screenshots go here, loader is creating them
XXXTR: I'll believe it when I see it. -->
<para>Once logged in, the main
<application>Samba</application> configuration page and the
system documentation will be available. Begin configuration
by clicking on the <guimenu>Globals</guimenu> tab. The
<guimenu>Globals</guimenu> section corresponds to the
variables that are set in the <literal>[global]</literal>
section of
<filename>/usr/local/etc/smb.conf</filename>.</para>
</sect3>
# Example: share /usr/src accessible only to 'developer' user
[src]
path = /usr/src
valid users = developer
writable = yes
browsable = yes
read only = no
guest ok = no
public = no
create mask = 0666
directory mask = 0755</programlisting>
<sect3>
<title>Global Settings</title>
<para>Whether <application>swat</application> is used or
<filename>/usr/local/etc/smb.conf</filename> is edited
directly, the first directives encountered when configuring
<application>Samba</application> are:</para>
<para>Settings that describe the network are added in
<filename>/usr/local/etc/smb4.conf</filename>:</para>
<variablelist>
<varlistentry>
<term><literal>workgroup</literal></term>
<listitem>
<para>The domain name or workgroup name for the
computers that will be accessing this server.</para>
<para>The name of the workgroup to be served.</para>
</listitem>
</varlistentry>
@ -5157,7 +5128,7 @@ AddModule mod_php5.c
<listitem>
<para>The NetBIOS name by which a
<application>Samba</application> server is known. By
default it is the same as the first component of the
default, it is the same as the first component of the
host's <acronym>DNS</acronym> name.</para>
</listitem>
</varlistentry>
@ -5172,24 +5143,34 @@ AddModule mod_php5.c
about the server.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>wins support</literal></term>
<listitem>
<para>Whether <application>Samba</application> will
act as a <acronym>WINS</acronym> server. Do not
enable support for <acronym>WINS</acronym> on more than
one server on the network.</para>
</listitem>
</varlistentry>
</variablelist>
</sect3>
<sect3>
<title>Security Settings</title>
<para>Two of the most important settings in
<filename>/usr/local/etc/smb.conf</filename> are the
security model and the backend password format for client
users. The following directives control these
options:</para>
<para>The most important settings in
<filename>/usr/local/etc/smb4.conf</filename> are the
security model and the backend password format. These
directives control the options:</para>
<variablelist>
<varlistentry>
<term><literal>security</literal></term>
<listitem>
<para>The two most common options are
<para>The most common settings are
<literal>security = share</literal> and
<literal>security = user</literal>. If the clients
use usernames that are the same as their usernames on
@ -5217,30 +5198,29 @@ AddModule mod_php5.c
<para><application>Samba</application> has several
different backend authentication models. Clients may
be authenticated with LDAP, NIS+, an SQL database,
or a modified password file. The default
authentication method is <literal>smbpasswd</literal>,
and that is all that will be covered here.</para>
or a modified password file. The recommended
authentication method, <literal>tdbsam</literal>,
is ideal for simple networks and is covered here.
For larger or more complex networks,
<literal>ldapsam</literal> is recommended.
<literal>smbpasswd</literal>
was the former default and is now obsolete.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Assuming that the default <literal>smbpasswd</literal>
backend is used,
<filename>/usr/local/etc/samba/smbpasswd</filename>
must be created to allow <application>Samba</application> to
authenticate clients. To provide &unix; user accounts
access from &windows; clients, use the following command to
add each required user to that file:</para>
</sect3>
<screen>&prompt.root; <userinput>smbpasswd -a <replaceable>username</replaceable></userinput></screen>
<sect3>
<title><application>Samba</application> Users</title>
<note>
<para>The recommended backend is now
<literal>tdbsam</literal>. If this backend is selected,
use the following command to add user accounts:</para>
<para>&os; user accounts must be mapped to the
<literal>SambaSAMAccount</literal> database for
&windows; clients to access the share.
Map existing &os; user accounts using
&man.pdbedit.8;:</para>
<screen>&prompt.root; <userinput>pdbedit -a -u <replaceable>username</replaceable></userinput></screen>
</note>
<screen>&prompt.root; <userinput>pdbedit -a <replaceable>username</replaceable></userinput></screen>
<para>This section has only mentioned the most commonly used
settings. Refer to the <link
@ -5259,13 +5239,6 @@ AddModule mod_php5.c
<programlisting>samba_enable="YES"</programlisting>
<para>Alternately, its services can be started
separately:</para>
<programlisting>nmbd_enable="YES"</programlisting>
<programlisting>smbd_enable="YES"</programlisting>
<para>To start <application>Samba</application> now:</para>
<screen>&prompt.root; <userinput>service samba start</userinput>
@ -5277,11 +5250,11 @@ Starting smbd.</screen>
separate daemons. Both the <application>nmbd</application>
and <application>smbd</application> daemons are started by
<varname>samba_enable</varname>. If winbind name resolution
services are enabled in <filename>smb.conf</filename>, the
<application>winbindd</application> daemon is started as
well.</para>
is also required, set:</para>
<para><application>Samba</application> may be stopped at any
<programlisting>winbindd_enable="YES"</programlisting>
<para><application>Samba</application> can be stopped at any
time by typing:</para>
<screen>&prompt.root; <userinput>service samba stop</userinput></screen>

2
share/xml/man-refs.ent
View file

@ -5708,6 +5708,7 @@
<!ENTITY man.pccardc.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pccardc</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.pccardd.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pccardd</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.pciconf.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pciconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.pdbedit.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pdbedit</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.periodic.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>periodic</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.pfctl.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pfctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.pflogd.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pflogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
@ -5842,6 +5843,7 @@
<!ENTITY man.sa.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>sa</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.sade.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>sade</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.savecore.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>savecore</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.samba-tool.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>samba-tool</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.sconfig.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>sconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.scsi.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>scsi</refentrytitle><manvolnum>8</manvolnum></citerefentry>">
<!ENTITY man.scspd.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>scspd</refentrytitle><manvolnum>8</manvolnum></citerefentry>">