Index: network-servers/chapter.xml
===================================================================
--- network-servers/chapter.xml
+++ network-servers/chapter.xml
@@ -5071,73 +5071,51 @@
µsoft.windows; or the Samba
client libraries. In order to configure a
Samba server on &os;, the
- net/samba36 port or package must first be
+ net/samba43 port or package must first be
installed. The rest of this section provides an overview of how
to configure a Samba server on
&os;.
-
-
Configuration
- A default Samba configuration
- file is installed as
- /usr/local/share/examples/samba36/smb.conf.default.
- This file must be copied to
- /usr/local/etc/smb.conf and customized
- before Samba can be used.
+ Runtime configuration for Samba
+ is defined in /usr/local/etc/smb4.conf
+ and this file must be created before
+ Samba can be used.
- Runtime configuration information for
- Samba is found in
- smb.conf, such as definitions of the
- printers and file system shares
that will
- be shared with &windows; clients. The
- Samba package includes a web based
- tool called swat which provides a
- simple way for configuring
- smb.conf.
+ A simple smb4.conf to share
+ directories and printers with &windows; clients in a
+ workgroup can be edited manually. For more complex setups
+ involving LDAP or Active Directory, it is recommended that
+ administrators use samba-tool
+ to create the initial smb4.conf.
-
- Using the Samba Web Administration Tool (SWAT)
+ [global]
+workgroup = WORKGROUP
+server string = Samba Server Version %v
+netbios name = ExampleMachine
+wins support = Yes
+security = user
+passdb backend = tdbsam
- The Samba Web Administration Tool (SWAT) runs as a
- daemon from inetd. Therefore,
- inetd must be enabled as shown in
- . To enable
- swat, uncomment the following
- line in /etc/inetd.conf:
+# Example: share /usr/src accessible only to 'developer' user
+[src]
+path = /usr/src
+valid users = developer # the &unix; user mapped with pdbedit below
+writable = yes
+browsable = yes
+read only = no
+guest ok = no
+public = no
+create mask = 0666
+directory mask = 0755
- swat stream tcp nowait/400 root /usr/local/sbin/swat swat
-
- As explained in ,
- the inetd configuration must be
- reloaded after this configuration file is changed.
-
- Once swat has been enabled,
- use a web browser to connect to http://localhost:901.
- At first login, enter the credentials for root.
-
-
-
- Once logged in, the main
- Samba configuration page and the
- system documentation will be available. Begin configuration
- by clicking on the Globals tab. The
- Globals section corresponds to the
- variables that are set in the [global]
- section of
- /usr/local/etc/smb.conf.
-
-
Global Settings
- Whether swat is used or
- /usr/local/etc/smb.conf is edited
+ Whether samba-tool is used or
+ /usr/local/etc/smb4.conf is edited
directly, the first directives encountered when configuring
Samba are:
@@ -5146,7 +5124,7 @@
workgroup
- The domain name or workgroup name for the
+ The workgroup name for the
computers that will be accessing this server.
@@ -5172,6 +5150,17 @@
about the server.
+
+
+ wins support
+
+
+ Whether Samba should
+ act as a WINS server. Note that you should not set
+ this to yes on more than one machine in your
+ network.
+
+
@@ -5179,7 +5168,7 @@
Security Settings
Two of the most important settings in
- /usr/local/etc/smb.conf are the
+ /usr/local/etc/smb4.conf are the
security model and the backend password format for client
users. The following directives control these
options:
@@ -5217,29 +5206,41 @@
Samba has several
different backend authentication models. Clients may
be authenticated with LDAP, NIS+, an SQL database,
- or a modified password file. The default
- authentication method is smbpasswd,
- and that is all that will be covered here.
+ or a modified password file. The recommended
+ authentication method tdbsam
+ is covered here, which is ideal for simple setups.
+ For larger or more complex setups,
+ ldapsam is recommended.
+ smbpasswd
+ used to be the default but is now considered
+ obsolete.
- Assuming that the default smbpasswd
- backend is used,
- /usr/local/etc/samba/smbpasswd
- must be created to allow Samba to
- authenticate clients. To provide &unix; user accounts
- access from &windows; clients, use the following command to
- add each required user to that file:
+
- &prompt.root; smbpasswd -a username
+
+ <application>Samba</application> Users
+ Assuming that the default tdbsam
+ backend is being used, users must be mapped to
+ the SambaSAMAccount database
+ before the shares can be accessed from &windows; clients.
+ Map existing &unix; user accounts using
+ pdbedit:
+
+ &prompt.root; pdbedit -a username
+
- The recommended backend is now
- tdbsam. If this backend is selected,
- use the following command to add user accounts:
-
- &prompt.root; pdbedit -a -u username
+ The pdbedit tool, like the smbpasswd tool, requires
+ that a user account already exists in the system
+ accounts database. Neither tool will call out to the
+ operating system to create a user account because this is
+ considered to be the responsibility of the system
+ administrator. Before attempting to use the pdbedit tool
+ to manage user and machine accounts, make certain that
+ a system account has already been created.
This section has only mentioned the most commonly used
@@ -5259,13 +5260,6 @@
samba_enable="YES"
- Alternately, its services can be started
- separately:
-
- nmbd_enable="YES"
-
- smbd_enable="YES"
-
To start Samba now:
&prompt.root; service samba start
@@ -5277,7 +5271,7 @@
separate daemons. Both the nmbd
and smbd daemons are started by
samba_enable. If winbind name resolution
- services are enabled in smb.conf, the
+ services are enabled in smb4.conf, the
winbindd daemon is started as
well.