Differential D6086 Diff 15776 en_US.ISO8859-1/books/handbook/network-servers/chapter.xml

Changeset View

Standalone View

en_US.ISO8859-1/books/handbook/network-servers/chapter.xml

Show First 20 Lines • Show All 5,059 Lines • ▼ Show 20 Lines	</author>
<para>On &os;, the <application>Samba</application> client		<para>On &os;, the <application>Samba</application> client
libraries can be installed using the		libraries can be installed using the
<package>net/samba-smbclient</package> port or package. The		<package>net/samba-smbclient</package> port or package. The
client provides the ability for a &os; system to access		client provides the ability for a &os; system to access
<acronym>SMB/CIFS</acronym> shares in a &microsoft.windows;		<acronym>SMB/CIFS</acronym> shares in a &microsoft.windows;
network.</para>		network.</para>

<para>A &os; system can also be configured to act as a		<para>A &os; system can also be configured to act as a
<application>Samba</application> server. This allows the		<application>Samba</application> server by installing the
		<package>net/samba43</package> port or package. This allows the
administrator to create <acronym>SMB/CIFS</acronym> shares on		administrator to create <acronym>SMB/CIFS</acronym> shares on
		wblockUnsubmitted Done Inline Actions This is really two acronyms, so should be marked up as: <acronym>SMB</acronym>/<acronym>CIFS</acronym> wblock: This is really two acronyms, so should be marked up as…
		sd_beastie.ioAuthorUnsubmitted Done Inline Actions Done. Breaking the line length rule to avoid whitespace only change. sd_beastie.io: Done. Breaking the line length rule to avoid whitespace only change.
the &os; system which can be accessed by clients running		the &os; system which can be accessed by clients running
&microsoft.windows; or the <application>Samba</application>		&microsoft.windows; or the <application>Samba</application>
client libraries. In order to configure a		client libraries.</para>
<application>Samba</application> server on &os;, the
<package>net/samba36</package> port or package must first be
installed. The rest of this section provides an overview of how
to configure a <application>Samba</application> server on
&os;.</para>

<!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. -->

<sect2>		<sect2>
<title>Configuration</title>		<title>Server Configuration</title>

<para>A default <application>Samba</application> configuration		<para><application>Samba</application> is configured in
file is installed as		<filename>/usr/local/etc/smb4.conf</filename>. This file must
<filename>/usr/local/share/examples/samba36/smb.conf.default</filename>.		be created before <application>Samba</application>
This file must be copied to		can be used.</para>
<filename>/usr/local/etc/smb.conf</filename> and customized
before <application>Samba</application> can be used.</para>

<para>Runtime configuration information for		<para>A simple <filename>smb4.conf</filename> to share
<application>Samba</application> is found in		directories and printers with &windows; clients in a
<filename>smb.conf</filename>, such as definitions of the		workgroup is shown here. For more complex setups
printers and <quote>file system shares</quote> that will		involving LDAP or Active Directory, it is easier to use
be shared with &windows; clients. The		the &man.samba-tool.8; to create the initial
		wblockUnsubmitted Done Inline Actions Remove "the": s/the &man.samba-tool.8;/&man.samba-tool.8;/ wblock: Remove "the": s/the &man.samba-tool.8;/&man.samba-tool.8;/
<application>Samba</application> package includes a web based		<filename>smb4.conf</filename>.</para>
tool called <application>swat</application> which provides a
simple way for configuring
<filename>smb.conf</filename>.</para>

<sect3>		<programlisting>[global]
<title>Using the Samba Web Administration Tool (SWAT)</title>		workgroup = WORKGROUP
		server string = Samba Server Version %v
		netbios name = ExampleMachine
		wins support = Yes
		security = user
		passdb backend = tdbsam

<para>The Samba Web Administration Tool (SWAT) runs as a		# Example: share /usr/src accessible only to 'developer' user
daemon from <application>inetd</application>. Therefore,		[src]
<application>inetd</application> must be enabled as shown in		path = /usr/src
<xref linkend="network-inetd"/>. To enable		valid users = developer # the &unix; user mapped with pdbedit below
		wblockUnsubmitted Done Inline Actions Below... where? Better to use a callout for things that are not actually part of the file. wblock: Below... where? Better to use a callout for things that are not actually part of the file.
		sd_beastie.ioAuthorUnsubmitted Not Done Inline Actions Simplied to just the &unix; user. This will avoid the user to have to jump and text below explains it. sd_beastie.io: Simplied to just the &unix; user. This will avoid the user to have to jump and text below…
		wblockUnsubmitted Done Inline Actions Better, but the trailing comment is still confusing. I think it can just be removed, the comment above explains it. wblock: Better, but the trailing comment is still confusing. I think it can just be removed, the…
<application>swat</application>, uncomment the following		writable = yes
line in <filename>/etc/inetd.conf</filename>:</para>		browsable = yes
		read only = no
		guest ok = no
		public = no
		create mask = 0666
		directory mask = 0755</programlisting>

<programlisting>swat stream tcp nowait/400 root /usr/local/sbin/swat swat</programlisting>

<para>As explained in <xref linkend="network-inetd-reread"/>,
the <application>inetd</application> configuration must be
reloaded after this configuration file is changed.</para>

<para>Once <application>swat</application> has been enabled,
use a web browser to connect to <uri
xlink:href="http://localhost:901">http://localhost:901</uri>.
At first login, enter the credentials for <systemitem
class="username">root</systemitem>.</para>

<!-- XXX screenshots go here, loader is creating them
XXXTR: I'll believe it when I see it. -->

<para>Once logged in, the main
<application>Samba</application> configuration page and the
system documentation will be available. Begin configuration
by clicking on the <guimenu>Globals</guimenu> tab. The
<guimenu>Globals</guimenu> section corresponds to the
variables that are set in the <literal>[global]</literal>
section of
<filename>/usr/local/etc/smb.conf</filename>.</para>
</sect3>

<sect3>		<sect3>
<title>Global Settings</title>		<title>Global Settings</title>

<para>Whether <application>swat</application> is used or		<para>A list of settings that describe the network need to be
<filename>/usr/local/etc/smb.conf</filename> is edited		added in
directly, the first directives encountered when configuring		<filename>/usr/local/etc/smb4.conf</filename>:</para>
		wblockUnsubmitted Done Inline Actions "A list of" is not needed. "Need to be" is kind of clunky. How about just "are"? Settings that describe the network are added in wblock: "A list of" is not needed. "Need to be" is kind of clunky. How about just "are"? ```Settings…
		wblockUnsubmitted Done Inline Actions Remove "are". wblock: Remove "are".
<application>Samba</application> are:</para>

<variablelist>		<variablelist>
<varlistentry>		<varlistentry>
<term><literal>workgroup</literal></term>		<term><literal>workgroup</literal></term>

<listitem>		<listitem>
<para>The domain name or workgroup name for the		<para>The name of the workgroup to be served.</para>
computers that will be accessing this server.</para>
</listitem>		</listitem>
</varlistentry>		</varlistentry>

<varlistentry>		<varlistentry>
<term><literal>netbios name</literal></term>		<term><literal>netbios name</literal></term>

<listitem>		<listitem>
<para>The NetBIOS name by which a		<para>The NetBIOS name by which a
<application>Samba</application> server is known. By		<application>Samba</application> server is known. By
default it is the same as the first component of the		default it is the same as the first component of the
		wblockUnsubmitted Done Inline Actions Needs a comma after "default": s/default/default,/ wblock: Needs a comma after "default": s/default/default,/
host's <acronym>DNS</acronym> name.</para>		host's <acronym>DNS</acronym> name.</para>
</listitem>		</listitem>
</varlistentry>		</varlistentry>

<varlistentry>		<varlistentry>
<term><literal>server string</literal></term>		<term><literal>server string</literal></term>

<listitem>		<listitem>
<para>The string that will be displayed in the output of		<para>The string that will be displayed in the output of
<command>net view</command> and some other		<command>net view</command> and some other
networking tools that seek to display descriptive text		networking tools that seek to display descriptive text
about the server.</para>		about the server.</para>
</listitem>		</listitem>
</varlistentry>		</varlistentry>

		<varlistentry>
		<term><literal>wins support</literal></term>

		<listitem>
		<para>Whether <application>Samba</application> will
		act as a WINS server. Do not enable <literal>WINS
		wblockUnsubmitted Done Inline Actions Wait, is "WINS" upper or lower case? It is shown both ways here. If the setting is lowercase, it should only be shown that way here. wblock: Wait, is "WINS" upper or lower case? It is shown both ways here. If the setting is lowercase…
		sd_beastie.ioAuthorUnsubmitted Not Done Inline Actions Should be an acronym for both instances in this sentence. Re-worded it to clarify. sd_beastie.io: Should be an acronym for both instances in this sentence. Re-worded it to clarify.
		support</literal> on more than one machine on the
		wblockUnsubmitted Done Inline Actions "machine" is really vague. I suspect this is really saying "more than one server on the network", but am not sure. wblock: "machine" is really vague. I suspect this is really saying "more than one server on the…
		network.</para>
		</listitem>
		</varlistentry>
</variablelist>		</variablelist>
</sect3>		</sect3>

<sect3>		<sect3>
<title>Security Settings</title>		<title>Security Settings</title>

<para>Two of the most important settings in		<para>Two of the most important settings in
<filename>/usr/local/etc/smb.conf</filename> are the		<filename>/usr/local/etc/smb4.conf</filename> are the
		wblockUnsubmitted Done Inline Actions Don't count options, because that inevitably gets out of sync. How about just: The most important settings in wblock: Don't count options, because that inevitably gets out of sync. How about just: ```The most…
security model and the backend password format for client		security model and the backend password format. These
users. The following directives control these		directives control the options:</para>
options:</para>

<variablelist>		<variablelist>
<varlistentry>		<varlistentry>
<term><literal>security</literal></term>		<term><literal>security</literal></term>

<listitem>		<listitem>
<para>The two most common options are		<para>The most common options are
		wblockUnsubmitted Done Inline Actions Should probably be "settings" instead of "options". wblock: Should probably be "settings" instead of "options".
<literal>security = share</literal> and		<literal>security = share</literal> and
<literal>security = user</literal>. If the clients		<literal>security = user</literal>. If the clients
use usernames that are the same as their usernames on		use usernames that are the same as their usernames on
the &os; machine, user level security should be		the &os; machine, user level security should be
used. This is the default security policy and it		used. This is the default security policy and it
requires clients to first log on before they can		requires clients to first log on before they can
access shared resources.</para>		access shared resources.</para>

Show All 11 Lines	<varlistentry>
<listitem>		<listitem>
<indexterm><primary>NIS+</primary></indexterm>		<indexterm><primary>NIS+</primary></indexterm>
<indexterm><primary>LDAP</primary></indexterm>		<indexterm><primary>LDAP</primary></indexterm>
<indexterm><primary>SQL database</primary></indexterm>		<indexterm><primary>SQL database</primary></indexterm>

<para><application>Samba</application> has several		<para><application>Samba</application> has several
different backend authentication models. Clients may		different backend authentication models. Clients may
be authenticated with LDAP, NIS+, an SQL database,		be authenticated with LDAP, NIS+, an SQL database,
or a modified password file. The default		or a modified password file. The recommended
authentication method is <literal>smbpasswd</literal>,		authentication method, <literal>tdbsam</literal>,
and that is all that will be covered here.</para>		covered here is ideal for simple networks.
		wblockUnsubmitted Done Inline Actions "covered here" is out of place. Better to relocate it (or remove it): is ideal for simple networks and is covered here. wblock: "covered here" is out of place. Better to relocate it (or remove it): ```is ideal for simple…
		For larger or more complex networks,
		<literal>ldapsam</literal> is recommended.
		<literal>smbpasswd</literal>
		was the former default and is now considered
		wblockUnsubmitted Done Inline Actions Maybe clearer to remove "considered" and just say "...is now obsolete." wblock: Maybe clearer to remove "considered" and just say "...is now obsolete."
		obsolete.</para>
</listitem>		</listitem>
</varlistentry>		</varlistentry>
</variablelist>		</variablelist>

<para>Assuming that the default <literal>smbpasswd</literal>		</sect3>
backend is used,
<filename>/usr/local/etc/samba/smbpasswd</filename>
must be created to allow <application>Samba</application> to
authenticate clients. To provide &unix; user accounts
access from &windows; clients, use the following command to
add each required user to that file:</para>

<screen>&prompt.root; <userinput>smbpasswd -a <replaceable>username</replaceable></userinput></screen>		<sect3>
		<title><application>Samba</application> Users</title>

<note>		<para>&os; user accounts must be mapped to the
<para>The recommended backend is now		<literal>SambaSAMAccount</literal> database for
<literal>tdbsam</literal>. If this backend is selected,		&windows; clients to access the share.
use the following command to add user accounts:</para>		Map existing &os; user accounts using
		<application>pdbedit</application>:</para>

<screen>&prompt.root; <userinput>pdbedit -a -u <replaceable>username</replaceable></userinput></screen>		<screen>&prompt.root; <userinput>pdbedit -a <replaceable>username</replaceable></userinput></screen>

		<note>
		<para>The &man.pdbedit.8; tool, like the &man.smbpasswd.8;
		tool, requires that a user account already exists in the
		system accounts database. Neither tool will call out to
		the operating system to create a user account because
		this is considered to be the responsibility of the system
		administrator. Before attempting to use the pdbedit tool
		to manage user and machine accounts, make certain that
		a system account has already been created.</para>
</note>		</note>

<para>This section has only mentioned the most commonly used		<para>This section has only mentioned the most commonly used
settings. Refer to the <link		settings. Refer to the <link
xlink:href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official		xlink:href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official
Samba HOWTO</link> for additional information about the		Samba HOWTO</link> for additional information about the
available configuration options.</para>		available configuration options.</para>
</sect3>		</sect3>
</sect2>		</sect2>

<sect2>		<sect2>
<title>Starting <application>Samba</application></title>		<title>Starting <application>Samba</application></title>

<para>To enable <application>Samba</application> at boot time,		<para>To enable <application>Samba</application> at boot time,
add the following line to		add the following line to
<filename>/etc/rc.conf</filename>:</para>		<filename>/etc/rc.conf</filename>:</para>

<programlisting>samba_enable="YES"</programlisting>		<programlisting>samba_enable="YES"</programlisting>

<para>Alternately, its services can be started
separately:</para>

<programlisting>nmbd_enable="YES"</programlisting>

<programlisting>smbd_enable="YES"</programlisting>

<para>To start <application>Samba</application> now:</para>		<para>To start <application>Samba</application> now:</para>

<screen>&prompt.root; <userinput>service samba start</userinput>		<screen>&prompt.root; <userinput>service samba start</userinput>
Starting SAMBA: removing stale tdbs :		Starting SAMBA: removing stale tdbs :
Starting nmbd.		Starting nmbd.
Starting smbd.</screen>		Starting smbd.</screen>

<para><application>Samba</application> consists of three		<para><application>Samba</application> consists of three
separate daemons. Both the <application>nmbd</application>		separate daemons. Both the <application>nmbd</application>
and <application>smbd</application> daemons are started by		and <application>smbd</application> daemons are started by
<varname>samba_enable</varname>. If winbind name resolution		<varname>samba_enable</varname>. If winbind name resolution
services are enabled in <filename>smb.conf</filename>, the		services are enabled in <filename>smb4.conf</filename>, the
<application>winbindd</application> daemon is started as		<application>winbindd</application> daemon is started as
well.</para>		well.</para>
		wblockUnsubmitted Done Inline Actions To the reader, that sentence is a bit vague and sounds like winbindd is enabled and started automatically. Is it, or does the user need to enable it? wblock: To the reader, that sentence is a bit vague and sounds like winbindd is enabled and started…
		wblockUnsubmitted Done Inline Actions I don't understand what the sentence is saying now. There is a plural/singular confusion (services are/it can be). Also the method of how it is started is not really shown. So overall: If winbind name resolution is also required, set:</para> <programlisting>winbindd_enable="YES"</programlisting> wblock: I don't understand what the sentence is saying now. There is a plural/singular confusion…

<para><application>Samba</application> may be stopped at any		<para><application>Samba</application> may be stopped at any
		wblockUnsubmitted Done Inline Actions s/may/can/ wblock: s/may/can/
time by typing:</para>		time by typing:</para>

<screen>&prompt.root; <userinput>service samba stop</userinput></screen>		<screen>&prompt.root; <userinput>service samba stop</userinput></screen>

<para><application>Samba</application> is a complex software		<para><application>Samba</application> is a complex software
suite with functionality that allows broad integration with		suite with functionality that allows broad integration with
&microsoft.windows; networks. For more information about		&microsoft.windows; networks. For more information about
functionality beyond the basic configuration described here,		functionality beyond the basic configuration described here,
▲ Show 20 Lines • Show All 520 Lines • Show Last 20 Lines