Index: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml =================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml @@ -5065,89 +5065,60 @@ network. A &os; system can also be configured to act as a - Samba server. This allows the - administrator to create SMB/CIFS shares on + Samba server by installing the + net/samba43 port or package. This allows the + administrator to create SMB/CIFSshares on the &os; system which can be accessed by clients running µsoft.windows; or the Samba - client libraries. In order to configure a - Samba server on &os;, the - net/samba36 port or package must first be - installed. The rest of this section provides an overview of how - to configure a Samba server on - &os;. - - + client libraries. - Configuration - - A default Samba configuration - file is installed as - /usr/local/share/examples/samba36/smb.conf.default. - This file must be copied to - /usr/local/etc/smb.conf and customized - before Samba can be used. - - Runtime configuration information for - Samba is found in - smb.conf, such as definitions of the - printers and file system shares that will - be shared with &windows; clients. The - Samba package includes a web based - tool called swat which provides a - simple way for configuring - smb.conf. - - - Using the Samba Web Administration Tool (SWAT) + Server Configuration - The Samba Web Administration Tool (SWAT) runs as a - daemon from inetd. Therefore, - inetd must be enabled as shown in - . To enable - swat, uncomment the following - line in /etc/inetd.conf: - - swat stream tcp nowait/400 root /usr/local/sbin/swat swat - - As explained in , - the inetd configuration must be - reloaded after this configuration file is changed. - - Once swat has been enabled, - use a web browser to connect to http://localhost:901. - At first login, enter the credentials for root. - - - - Once logged in, the main - Samba configuration page and the - system documentation will be available. Begin configuration - by clicking on the Globals tab. The - Globals section corresponds to the - variables that are set in the [global] - section of - /usr/local/etc/smb.conf. - + Samba is configured in + /usr/local/etc/smb4.conf. This file must + be created before Samba + can be used. + + A simple smb4.conf to share + directories and printers with &windows; clients in a + workgroup is shown here. For more complex setups + involving LDAP or Active Directory, it is easier to use + &man.samba-tool.8; to create the initial + smb4.conf. + + [global] +workgroup = WORKGROUP +server string = Samba Server Version %v +netbios name = ExampleMachine +wins support = Yes +security = user +passdb backend = tdbsam + +# Example: share /usr/src accessible only to 'developer' user +[src] +path = /usr/src +valid users = developer +writable = yes +browsable = yes +read only = no +guest ok = no +public = no +create mask = 0666 +directory mask = 0755 Global Settings - Whether swat is used or - /usr/local/etc/smb.conf is edited - directly, the first directives encountered when configuring - Samba are: + Settings that describe the network are added in + /usr/local/etc/smb4.conf: workgroup - The domain name or workgroup name for the - computers that will be accessing this server. + The name of the workgroup to be served. @@ -5157,7 +5128,7 @@ The NetBIOS name by which a Samba server is known. By - default it is the same as the first component of the + default, it is the same as the first component of the host's DNS name. @@ -5172,24 +5143,34 @@ about the server. + + + wins support + + + Whether Samba will + act as a WINS server. Do not + enable support for WINS on more than + one server on the network. + + Security Settings - Two of the most important settings in - /usr/local/etc/smb.conf are the - security model and the backend password format for client - users. The following directives control these - options: + The most important settings in + /usr/local/etc/smb4.conf are the + security model and the backend password format. These + directives control the options: security - The two most common options are + The most common settings are security = share and security = user. If the clients use usernames that are the same as their usernames on @@ -5217,30 +5198,29 @@ Samba has several different backend authentication models. Clients may be authenticated with LDAP, NIS+, an SQL database, - or a modified password file. The default - authentication method is smbpasswd, - and that is all that will be covered here. + or a modified password file. The recommended + authentication method, tdbsam, + is ideal for simple networks and is covered here. + For larger or more complex networks, + ldapsam is recommended. + smbpasswd + was the former default and is now obsolete. - Assuming that the default smbpasswd - backend is used, - /usr/local/etc/samba/smbpasswd - must be created to allow Samba to - authenticate clients. To provide &unix; user accounts - access from &windows; clients, use the following command to - add each required user to that file: + - &prompt.root; smbpasswd -a username + + <application>Samba</application> Users - - The recommended backend is now - tdbsam. If this backend is selected, - use the following command to add user accounts: + &os; user accounts must be mapped to the + SambaSAMAccount database for + &windows; clients to access the share. + Map existing &os; user accounts using + &man.pdbedit.8;: - &prompt.root; pdbedit -a -u username - + &prompt.root; pdbedit -a username This section has only mentioned the most commonly used settings. Refer to the samba_enable="YES" - Alternately, its services can be started - separately: - - nmbd_enable="YES" - - smbd_enable="YES" - To start Samba now: &prompt.root; service samba start @@ -5277,11 +5250,11 @@ separate daemons. Both the nmbd and smbd daemons are started by samba_enable. If winbind name resolution - services are enabled in smb.conf, the - winbindd daemon is started as - well. + is also required, set: + + winbindd_enable="YES" - Samba may be stopped at any + Samba can be stopped at any time by typing: &prompt.root; service samba stop Index: head/share/xml/man-refs.ent =================================================================== --- head/share/xml/man-refs.ent +++ head/share/xml/man-refs.ent @@ -5708,6 +5708,7 @@ pccardc8"> pccardd8"> pciconf8"> +pdbedit8"> periodic8"> pfctl8"> pflogd8"> @@ -5842,6 +5843,7 @@ sa8"> sade8"> savecore8"> +samba-tool8"> sconfig8"> scsi8"> scspd8">