network-samba.html

FreeBSD操作系统的详细使用手册

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>File and Print Services for Microsoft燱indows clients (Samba)</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD Handbook" href="index.html" />
<link rel="UP" title="Network Servers" href="network-servers.html" />
<link rel="PREVIOUS" title="File Transfer Protocol (FTP)" href="network-ftp.html" />
<link rel="NEXT" title="Clock Synchronization with NTP" href="network-ntp.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD Handbook</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="network-ftp.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 23 Network Servers</td>
<td width="10%" align="right" valign="bottom"><a href="network-ntp.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="NETWORK-SAMBA" name="NETWORK-SAMBA">23.10 File and Print
Services for <span class="TRADEMARK">Microsoft</span>&reg;&nbsp;<span
class="TRADEMARK">Windows</span>&reg; clients (Samba)</a></h1>

<i class="AUTHORGROUP"><span class="CONTRIB">Contributed by</span> Murray Stokely.</i> 

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35663" name="AEN35663">23.10.1 Overview</a></h2>

<p><b class="APPLICATION">Samba</b> is a popular open source software package that
provides file and print services for <span
class="TRADEMARK">Microsoft</span>&reg;&nbsp;<span class="TRADEMARK">Windows</span>&reg;
clients. Such clients can connect to and use FreeBSD filespace as if it was a local disk
drive, or FreeBSD printers as if they were local printers.</p>

<p><b class="APPLICATION">Samba</b> software packages should be included on your FreeBSD
installation media. If you did not install <b class="APPLICATION">Samba</b> when you
first installed FreeBSD, then you can install it from the <a
href="http://www.FreeBSD.org/cgi/url.cgi?ports/net/samba3/pkg-descr"><tt
class="FILENAME">net/samba3</tt></a> port or package.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35673" name="AEN35673">23.10.2 Configuration</a></h2>

<p>A default <b class="APPLICATION">Samba</b> configuration file is installed as <tt
class="FILENAME">/usr/local/etc/smb.conf.default</tt>. This file must be copied to <tt
class="FILENAME">/usr/local/etc/smb.conf</tt> and customized before <b
class="APPLICATION">Samba</b> can be used.</p>

<p>The <tt class="FILENAME">smb.conf</tt> file contains runtime configuration information
for <b class="APPLICATION">Samba</b>, such as definitions of the printers and
``filesystem shares'' that you would like to share with <span
class="TRADEMARK">Windows</span> clients. The <b class="APPLICATION">Samba</b> package
includes a web based tool called <b class="APPLICATION">swat</b> which provides a simple
way of configuring the <tt class="FILENAME">smb.conf</tt> file.</p>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN35688" name="AEN35688">23.10.2.1 Using the Samba Web
Administration Tool (SWAT)</a></h3>

<p>The Samba Web Administration Tool (SWAT) runs as a daemon from <b
class="APPLICATION">inetd</b>. Therefore, the following line in <tt
class="FILENAME">/etc/inetd.conf</tt> should be uncommented before <b
class="APPLICATION">swat</b> can be used to configure <b
class="APPLICATION">Samba</b>:</p>

<pre class="PROGRAMLISTING">
swat   stream  tcp     nowait/400      root    /usr/local/sbin/swat
</pre>

<p>As explained in <a href="network-inetd.html#NETWORK-INETD-HANGUP">Example 23-1</a>, a
HangUP Signal must be sent to <b class="APPLICATION">inetd</b> after this configuration
file is changed.</p>

<p>Once <b class="APPLICATION">swat</b> has been enabled in <tt
class="FILENAME">inetd.conf</tt>, you can use a browser to connect to <a
href="http://localhost:901" target="_top">http://localhost:901</a>. You will first have
to log on with the system <tt class="USERNAME">root</tt> account.</p>

<p>Once you have successfully logged on to the main <b class="APPLICATION">Samba</b>
configuration page, you can browse the system documentation, or begin by clicking on the
<span class="GUIMENU">Globals</span> tab. The <span class="GUIMENU">Globals</span>
section corresponds to the variables that are set in the <var
class="LITERAL">[global]</var> section of <tt
class="FILENAME">/usr/local/etc/smb.conf</tt>.</p>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN35710" name="AEN35710">23.10.2.2 Global Settings</a></h3>

<p>Whether you are using <b class="APPLICATION">swat</b> or editing <tt
class="FILENAME">/usr/local/etc/smb.conf</tt> directly, the first directives you are
likely to encounter when configuring <b class="APPLICATION">Samba</b> are:</p>

<div class="VARIABLELIST">
<dl>
<dt><var class="LITERAL">workgroup</var></dt>

<dd>
<p>NT Domain-Name or Workgroup-Name for the computers that will be accessing this
server.</p>
</dd>

<dt><var class="LITERAL">netbios name</var></dt>

<dd>
<p>This sets the NetBIOS name by which a <b class="APPLICATION">Samba</b> server is
known. By default it is the same as the first component of the host's DNS name.</p>
</dd>

<dt><var class="LITERAL">server string</var></dt>

<dd>
<p>This sets the string that will be displayed with the <tt class="COMMAND">net view</tt>
command and some other networking tools that seek to display descriptive text about the
server.</p>
</dd>
</dl>
</div>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN35736" name="AEN35736">23.10.2.3 Security Settings</a></h3>

<p>Two of the most important settings in <tt
class="FILENAME">/usr/local/etc/smb.conf</tt> are the security model chosen, and the
backend password format for client users. The following directives control these
options:</p>

<div class="VARIABLELIST">
<dl>
<dt><var class="LITERAL">security</var></dt>

<dd>
<p>The two most common options here are <var class="LITERAL">security = share</var> and
<var class="LITERAL">security = user</var>. If your clients use usernames that are the
same as their usernames on your FreeBSD machine then you will want to use user level
security. This is the default security policy and it requires clients to first log on
before they can access shared resources.</p>

<p>In share level security, client do not need to log onto the server with a valid
username and password before attempting to connect to a shared resource. This was the
default security model for older versions of <b class="APPLICATION">Samba</b>.</p>
</dd>

<dt><var class="LITERAL">passdb backend</var></dt>

<dd>
<p><b class="APPLICATION">Samba</b> has several different backend authentication models.
You can authenticate clients with LDAP, NIS+, a SQL database, or a modified password
file. The default authentication method is <var class="LITERAL">smbpasswd</var>, and that
is all that will be covered here.</p>
</dd>
</dl>
</div>

<p>Assuming that the default <var class="LITERAL">smbpasswd</var> backend is used, the
<tt class="FILENAME">/usr/local/private/smbpasswd</tt> file must be created to allow <b
class="APPLICATION">Samba</b> to authenticate clients. If you would like to give all of
your <span class="TRADEMARK">UNIX</span>&reg; user accounts access from <span
class="TRADEMARK">Windows</span> clients, use the following command:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd
class="USERINPUT">cat /etc/passwd | grep -v "^#" | make_smbpasswd &gt; /usr/local/private/smbpasswd</kbd>
<samp class="PROMPT">#</samp> <kbd
class="USERINPUT">chmod 600 /usr/local/private/smbpasswd</kbd>
</pre>

<p>Please see the <b class="APPLICATION">Samba</b> documentation for additional
information about configuration options. With the basics outlined here, you should have
everything you need to start running <b class="APPLICATION">Samba</b>.</p>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35777" name="AEN35777">23.10.3 Starting <b
class="APPLICATION">Samba</b></a></h2>

<p>To enable <b class="APPLICATION">Samba</b> when your system boots, add the following
line to <tt class="FILENAME">/etc/rc.conf</tt>:</p>

<pre class="PROGRAMLISTING">
samba_enable="YES"
</pre>

<p>You can then start <b class="APPLICATION">Samba</b> at any time by typing:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd
class="USERINPUT">/usr/local/etc/rc.d/samba.sh start</kbd>
Starting SAMBA: removing stale tdbs :
Starting nmbd.
Starting smbd.
</pre>

<p><b class="APPLICATION">Samba</b> actually consists of three separate daemons. You
should see that both the <b class="APPLICATION">nmbd</b> and <b
class="APPLICATION">smbd</b> daemons are started by the <tt
class="FILENAME">samba.sh</tt> script. If you enabled winbind name resolution services in
<tt class="FILENAME">smb.conf</tt>, then you will also see that the <b
class="APPLICATION">winbindd</b> daemon is started.</p>

<p>You can stop <b class="APPLICATION">Samba</b> at any time by typing :</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd
class="USERINPUT">/usr/local/etc/rc.d/samba.sh stop</kbd>
</pre>

<p><b class="APPLICATION">Samba</b> is a complex software suite with functionality that
allows broad integration with <span class="TRADEMARK">Microsoft</span>&nbsp;<span
class="TRADEMARK">Windows</span> networks. For more information about functionality
beyond the basic installation described here, please see <a href="http://www.samba.org"
target="_top">http://www.samba.org</a>.</p>
</div>
</div>

<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="network-ftp.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="network-ntp.html"
accesskey="N">Next</a></td>
</tr>

<tr>
<td width="33%" align="left" valign="top">File Transfer Protocol (FTP)</td>
<td width="34%" align="center" valign="top"><a href="network-servers.html"
accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Clock Synchronization with NTP</td>
</tr>
</table>
</div>

<p align="center"><small>This, and other documents, can be downloaded from <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/</a>.</small></p>

<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.<br />
For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
</body>
</html>