воскресенье, 18 августа 2013 г.

Samba (smb)

UCI configuration options

The UCI configuration file is located at /etc/config/samba

Common Options

The config section type samba determines values and options relevant to the overall operation of samba. The following table lists some (not all) available options, their default value and respectively a short characterization. See http://*** for further details.
These are the default settings for the common options:
config 'samba'
        option 'name' 'openwrt'
        option 'workgroup' 'WORKGROUP'
        option 'description' 'openwrt'
        option 'homes' '1'
NameTypeRequiredDefaultOptionDescription
namestringyes?openwrtName of the Server
workgroupstringyes?WORKGROUPName of the Workgroup
descriptionstringyes?openwrtDescription of the Server
homesbooleanyes?1Share the user directory

Sambashare

The daemons are up and running and recheable via NetBIOS. Now you only need to configure the directories you intend to make accesible to users in your LAN. This example assumes you attached a USB harddisk to the USB-Port and correctly mounted a partition. You can now choose to share the partition as a whole, or just individual directories on it. Fo each entry you need to create an individual config 'sambashare' section.
config 'sambashare'
        option 'name' 'Shares'
        option 'path' '/mnt/sda3'
#       option 'users' 'sandra'
        option 'guest_ok' 'yes'
        option 'create_mask' '0700'
        option 'dir_mask' '0700'
        option 'read_only' 'yes'
NameTypeRequiredDefaultOptionDescription
namestringyes(none)Name of the entry. Will be shown in the filebrowser.
pathfile pathyes(none)The complete path of the directory
usersstringno(none)the samba-users allowed access to this entry; use smbpasswd to create a user-pwd combination! Several users can be specified, separated by a coma (ex : option 'users' 'root,nobody' ).
guest_okstringyesnoSpecifies if you need to login via samba-username and password to access this share
create_maskintegeryes0700chmod mask for files created (need write access)
dir_maskintegeryes0700chmod mask for directories created (need write access)
read_onlybooleanyesnono allows for read/write, else only read access is granted; (for rw, you also need to mount fs rw!)

Additional Configuration Options

In addition to the UCI file (/etc/config/samba), modifications can be made to the /etc/samba/smb.conf.template file.

Configuration examples

Samba can be configured at either share level access or user level access. At share level access all users on the network can access the share, and all files are shared with all users. At user level access a username and password are needed to access the share. By default Samba is configured for user level access.
These configurations have proven to work for some:

Share level access

At share level access all users on the network can access the share, and all files are shared with all users. To set share level access change security = user tosecurity = share in /etc/samba/smb.conf.template:
[global]
 netbios name = |NAME| 
 workgroup = |WORKGROUP|
 server string = |DESCRIPTION|
 syslog = 10
 encrypt passwords = true
 passdb backend = smbpasswd
 obey pam restrictions = yes
 socket options = TCP_NODELAY
 unix charset = ISO-8859-1
        local master = yes
 preferred master = yes
 os level = 20
 security = share
 guest account = nobody
 invalid users = root
 smb passwd file = /etc/samba/smbpasswd
Then add a share to /etc/config/samba. Make sure that guest ok is set to yes
config 'samba'
 option 'name' 'openwrt'
 option 'workgroup' 'WORKGROUP'
 option 'description' 'openwrt'
 option 'homes' '1'

config 'sambashare'
 option 'read_only' 'no'
 option 'create_mask' '0700'
 option 'dir_mask' '0700'
 option 'name' 'name-of-share'
 option 'path' '/path/of/share'
 option 'guest_ok' 'yes'
This share should now be accessible by \\ip-adress-openwrt\name-of-share (windows, username and password can be anything).

User level access

At user level access a username and password are needed to access the share.
Steps:

1. Add user to system

To access a samba share with user level access there must be a user added to the system. Edit /etc/passwd and add a line for the new user. Choose a user id (the first number in the line) of 1000 or higher that does not exist yet. Set the group identification number (the second number) to the same number as the user nobody. Copy the rest.
root:!:0:0:root:/root:/bin/ash
nobody:*:65534:65534:nobody:/var:/bin/false
daemon:*:65534:65534:daemon:/var:/bin/false
newuser:*:1000:65534:newuser:/var:/bin/false
Note: keep in mind that the user(s) and group(s) utilized by Samba need to have the proper permissions for their shares, i.e. they need write access in order to write via smb.

2. Add samba password to user

smbpasswd -a newuser

3. Change samba config to accept users with null passwords

Edit /etc/samba/smb.conf.template and add null passwords = yes:
[global]
 netbios name = |NAME| 
 workgroup = |WORKGROUP|
 server string = |DESCRIPTION|
 syslog = 10
 encrypt passwords = true
 passdb backend = smbpasswd
 obey pam restrictions = yes
 socket options = TCP_NODELAY
 unix charset = ISO-8859-1
        local master = yes
 preferred master = yes
 os level = 20
 security = user
 null passwords = yes
 guest account = nobody
 invalid users = root
 smb passwd file = /etc/samba/smbpasswd

4. Add a share

Then add a share to /etc/config/samba. Make shure that guest ok is set to no
config 'samba'
 option 'name' 'openwrt'
 option 'workgroup' 'WORKGROUP'
 option 'description' 'openwrt'
 option 'homes' '1'

config 'sambashare'
 option 'read_only' 'no'
 option 'create_mask' '0700'
 option 'dir_mask' '0700'
 option 'name' 'name-of-share'
 option 'path' '/path/of/share'
 option 'guest_ok' 'no'
This share should now be accessible by \\ip-adress-openwrt\name-of-share (windows, correct username and password are needed).

Notes

If you use a trunk version and experience connection aborts take a look at this file /etc/samba/samba.conf.template and search for reset on zero vc = yesRemove this line or set it to no.
More information about this issue here: https://dev.openwrt.org/ticket/9992
doc/uci/samba.txt · Last modified: 2013/08/14 10:28 by dylanweber

Комментариев нет:

Отправить комментарий