en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Show First 20 Lines • Show All 5,059 Lines • ▼ Show 20 Lines | </author> | ||||
<para>On &os;, the <application>Samba</application> client | <para>On &os;, the <application>Samba</application> client | ||||
libraries can be installed using the | libraries can be installed using the | ||||
<package>net/samba-smbclient</package> port or package. The | <package>net/samba-smbclient</package> port or package. The | ||||
client provides the ability for a &os; system to access | client provides the ability for a &os; system to access | ||||
<acronym>SMB/CIFS</acronym> shares in a µsoft.windows; | <acronym>SMB/CIFS</acronym> shares in a µsoft.windows; | ||||
network.</para> | network.</para> | ||||
<para>A &os; system can also be configured to act as a | <para>A &os; system can also be configured to act as a | ||||
<application>Samba</application> server. This allows the | <application>Samba</application> server by installing the | ||||
<package>net/samba43</package> port or package. This allows the | |||||
administrator to create <acronym>SMB/CIFS</acronym> shares on | administrator to create <acronym>SMB/CIFS</acronym> shares on | ||||
wblock: This is really two acronyms, so should be marked up as… | |||||
sd_beastie.io (Done): Done. Breaking the line length rule to avoid whitespace only change.
the &os; system which can be accessed by clients running | the &os; system which can be accessed by clients running | ||||
µsoft.windows; or the <application>Samba</application> | µsoft.windows; or the <application>Samba</application> | ||||
client libraries. In order to configure a | client libraries.</para> | ||||
<application>Samba</application> server on &os;, the | |||||
<package>net/samba36</package> port or package must first be | |||||
installed. The rest of this section provides an overview of how | |||||
to configure a <application>Samba</application> server on | |||||
&os;.</para> | |||||
<!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. --> | |||||
<sect2> | <sect2> | ||||
<title>Configuration</title> | <title>Server Configuration</title> | ||||
<para>A default <application>Samba</application> configuration | <para><application>Samba</application> is configured in | ||||
file is installed as | <filename>/usr/local/etc/smb4.conf</filename>. This file must | ||||
<filename>/usr/local/share/examples/samba36/smb.conf.default</filename>. | be created before <application>Samba</application> | ||||
This file must be copied to | can be used.</para> | ||||
<filename>/usr/local/etc/smb.conf</filename> and customized | |||||
before <application>Samba</application> can be used.</para> | |||||
<para>Runtime configuration information for | <para>A simple <filename>smb4.conf</filename> to share | ||||
<application>Samba</application> is found in | directories and printers with &windows; clients in a | ||||
<filename>smb.conf</filename>, such as definitions of the | workgroup is shown here. For more complex setups | ||||
printers and <quote>file system shares</quote> that will | involving LDAP or Active Directory, it is easier to use | ||||
be shared with &windows; clients. The | the &man.samba-tool.8; to create the initial | ||||
wblock (Done): Remove "the": s/the &man.samba-tool.8;/&man.samba-tool.8;/
<application>Samba</application> package includes a web based | <filename>smb4.conf</filename>.</para> | ||||
tool called <application>swat</application> which provides a | |||||
simple way for configuring | |||||
<filename>smb.conf</filename>.</para> | |||||
<sect3> | <programlisting>[global] | ||||
<title>Using the Samba Web Administration Tool (SWAT)</title> | workgroup = WORKGROUP | ||||
server string = Samba Server Version %v | |||||
netbios name = ExampleMachine | |||||
wins support = Yes | |||||
security = user | |||||
passdb backend = tdbsam | |||||
<para>The Samba Web Administration Tool (SWAT) runs as a | # Example: share /usr/src accessible only to 'developer' user | ||||
daemon from <application>inetd</application>. Therefore, | [src] | ||||
<application>inetd</application> must be enabled as shown in | path = /usr/src | ||||
<xref linkend="network-inetd"/>. To enable | valid users = developer # the &unix; user mapped with pdbedit below | ||||
wblock (Done): Below... where? Better to use a callout for things that are not actually part of the file.
sd_beastie.io (Not Done): Simplified to just the &unix; user. This will avoid the user to have to jump and text below explains it.
wblock (Done): Better, but the trailing comment is still confusing. I think it can just be removed, the comment above explains it.
<application>swat</application>, uncomment the following | writable = yes | ||||
line in <filename>/etc/inetd.conf</filename>:</para> | browsable = yes | ||||
read only = no | |||||
guest ok = no | |||||
public = no | |||||
create mask = 0666 | |||||
directory mask = 0755</programlisting> | |||||
<programlisting>swat stream tcp nowait/400 root /usr/local/sbin/swat swat</programlisting> | |||||
<para>As explained in <xref linkend="network-inetd-reread"/>, | |||||
the <application>inetd</application> configuration must be | |||||
reloaded after this configuration file is changed.</para> | |||||
<para>Once <application>swat</application> has been enabled, | |||||
use a web browser to connect to <uri | |||||
xlink:href="http://localhost:901">http://localhost:901</uri>. | |||||
At first login, enter the credentials for <systemitem | |||||
class="username">root</systemitem>.</para> | |||||
<!-- XXX screenshots go here, loader is creating them | |||||
XXXTR: I'll believe it when I see it. --> | |||||
<para>Once logged in, the main | |||||
<application>Samba</application> configuration page and the | |||||
system documentation will be available. Begin configuration | |||||
by clicking on the <guimenu>Globals</guimenu> tab. The | |||||
<guimenu>Globals</guimenu> section corresponds to the | |||||
variables that are set in the <literal>[global]</literal> | |||||
section of | |||||
<filename>/usr/local/etc/smb.conf</filename>.</para> | |||||
</sect3> | |||||
<sect3> | <sect3> | ||||
<title>Global Settings</title> | <title>Global Settings</title> | ||||
<para>Whether <application>swat</application> is used or | <para>A list of settings that describe the network need to be | ||||
<filename>/usr/local/etc/smb.conf</filename> is edited | added in | ||||
directly, the first directives encountered when configuring | <filename>/usr/local/etc/smb4.conf</filename>:</para> | ||||
wblock (Done): "A list of" is not needed. "Need to be" is kind of clunky. How about just "are"? Settings that describe the network are added in
wblock (Done): Remove "are".
<application>Samba</application> are:</para> | |||||
<variablelist> | <variablelist> | ||||
<varlistentry> | <varlistentry> | ||||
<term><literal>workgroup</literal></term> | <term><literal>workgroup</literal></term> | ||||
<listitem> | <listitem> | ||||
<para>The domain name or workgroup name for the | <para>The name of the workgroup to be served.</para> | ||||
computers that will be accessing this server.</para> | |||||
</listitem> | </listitem> | ||||
</varlistentry> | </varlistentry> | ||||
<varlistentry> | <varlistentry> | ||||
<term><literal>netbios name</literal></term> | <term><literal>netbios name</literal></term> | ||||
<listitem> | <listitem> | ||||
<para>The NetBIOS name by which a | <para>The NetBIOS name by which a | ||||
<application>Samba</application> server is known. By | <application>Samba</application> server is known. By | ||||
default it is the same as the first component of the | default it is the same as the first component of the | ||||
wblock (Done): Needs a comma after "default": s/default/default,/
host's <acronym>DNS</acronym> name.</para> | host's <acronym>DNS</acronym> name.</para> | ||||
</listitem> | </listitem> | ||||
</varlistentry> | </varlistentry> | ||||
<varlistentry> | <varlistentry> | ||||
<term><literal>server string</literal></term> | <term><literal>server string</literal></term> | ||||
<listitem> | <listitem> | ||||
<para>The string that will be displayed in the output of | <para>The string that will be displayed in the output of | ||||
<command>net view</command> and some other | <command>net view</command> and some other | ||||
networking tools that seek to display descriptive text | networking tools that seek to display descriptive text | ||||
about the server.</para> | about the server.</para> | ||||
</listitem> | </listitem> | ||||
</varlistentry> | </varlistentry> | ||||
<varlistentry> | |||||
<term><literal>wins support</literal></term> | |||||
<listitem> | |||||
<para>Whether <application>Samba</application> will | |||||
act as a WINS server. Do not enable <literal>WINS | |||||
wblock (Done): Wait, is "WINS" upper or lower case? It is shown both ways here. If the setting is lowercase, it should only be shown that way here.
sd_beastie.io (Not Done): Should be an acronym for both instances in this sentence. Re-worded it to clarify.
support</literal> on more than one machine on the | |||||
wblock (Done): "machine" is really vague. I suspect this is really saying "more than one *server* on the network", but am not sure.
network.</para> | |||||
</listitem> | |||||
</varlistentry> | |||||
</variablelist> | </variablelist> | ||||
</sect3> | </sect3> | ||||
<sect3> | <sect3> | ||||
<title>Security Settings</title> | <title>Security Settings</title> | ||||
<para>Two of the most important settings in | <para>Two of the most important settings in | ||||
<filename>/usr/local/etc/smb.conf</filename> are the | <filename>/usr/local/etc/smb4.conf</filename> are the | ||||
wblock (Done): Don't count options, because that inevitably gets out of sync. How about just: The most important settings in
security model and the backend password format for client | security model and the backend password format. These | ||||
users. The following directives control these | directives control the options:</para> | ||||
options:</para> | |||||
<variablelist> | <variablelist> | ||||
<varlistentry> | <varlistentry> | ||||
<term><literal>security</literal></term> | <term><literal>security</literal></term> | ||||
<listitem> | <listitem> | ||||
<para>The two most common options are | <para>The most common options are | ||||
wblock (Done): Should probably be "settings" instead of "options".
<literal>security = share</literal> and | <literal>security = share</literal> and | ||||
<literal>security = user</literal>. If the clients | <literal>security = user</literal>. If the clients | ||||
use usernames that are the same as their usernames on | use usernames that are the same as their usernames on | ||||
the &os; machine, user level security should be | the &os; machine, user level security should be | ||||
used. This is the default security policy and it | used. This is the default security policy and it | ||||
requires clients to first log on before they can | requires clients to first log on before they can | ||||
access shared resources.</para> | access shared resources.</para> | ||||
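Review bot: In the new [src] example inside the programlisting, create mask = 0666 lets files created through the share end up readable and writable by every local account, which does not fit a share commented as "accessible only to 'developer' user"; a narrower mask such as 0644 or 0640 would match the stated intent. In the same block, writable = yes and read only = no set the same thing twice, as do guest ok = no and public = no, so one line of each pair can go. The security entry on the new side still offers security = share while the package moves from net/samba36 to net/samba43 and the example itself uses security = user; check that the value is still accepted by the new version before keeping it.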
Show All 11 Lines | <varlistentry> | ||||
<listitem> | <listitem> | ||||
<indexterm><primary>NIS+</primary></indexterm> | <indexterm><primary>NIS+</primary></indexterm> | ||||
<indexterm><primary>LDAP</primary></indexterm> | <indexterm><primary>LDAP</primary></indexterm> | ||||
<indexterm><primary>SQL database</primary></indexterm> | <indexterm><primary>SQL database</primary></indexterm> | ||||
<para><application>Samba</application> has several | <para><application>Samba</application> has several | ||||
different backend authentication models. Clients may | different backend authentication models. Clients may | ||||
be authenticated with LDAP, NIS+, an SQL database, | be authenticated with LDAP, NIS+, an SQL database, | ||||
or a modified password file. The default | or a modified password file. The recommended | ||||
authentication method is <literal>smbpasswd</literal>, | authentication method, <literal>tdbsam</literal>, | ||||
and that is all that will be covered here.</para> | covered here is ideal for simple networks. | ||||
wblock (Done): "covered here" is out of place. Better to relocate it (or remove it): is ideal for simple networks and is covered here.
For larger or more complex networks, | |||||
<literal>ldapsam</literal> is recommended. | |||||
<literal>smbpasswd</literal> | |||||
was the former default and is now considered | |||||
wblock (Done): Maybe clearer to remove "considered" and just say "...is now obsolete."
obsolete.</para> | |||||
</listitem> | </listitem> | ||||
</varlistentry> | </varlistentry> | ||||
</variablelist> | </variablelist> | ||||
<para>Assuming that the default <literal>smbpasswd</literal> | </sect3> | ||||
backend is used, | |||||
<filename>/usr/local/etc/samba/smbpasswd</filename> | |||||
must be created to allow <application>Samba</application> to | |||||
authenticate clients. To provide &unix; user accounts | |||||
access from &windows; clients, use the following command to | |||||
add each required user to that file:</para> | |||||
<screen>&prompt.root; <userinput>smbpasswd -a <replaceable>username</replaceable></userinput></screen> | <sect3> | ||||
<title><application>Samba</application> Users</title> | |||||
<note> | <para>&os; user accounts must be mapped to the | ||||
<para>The recommended backend is now | <literal>SambaSAMAccount</literal> database for | ||||
<literal>tdbsam</literal>. If this backend is selected, | &windows; clients to access the share. | ||||
use the following command to add user accounts:</para> | Map existing &os; user accounts using | ||||
<application>pdbedit</application>:</para> | |||||
<screen>&prompt.root; <userinput>pdbedit -a -u <replaceable>username</replaceable></userinput></screen> | <screen>&prompt.root; <userinput>pdbedit -a <replaceable>username</replaceable></userinput></screen> | ||||
<note> | |||||
<para>The &man.pdbedit.8; tool, like the &man.smbpasswd.8; | |||||
tool, requires that a user account already exists in the | |||||
system accounts database. Neither tool will call out to | |||||
the operating system to create a user account because | |||||
this is considered to be the responsibility of the system | |||||
administrator. Before attempting to use the pdbedit tool | |||||
to manage user and machine accounts, make certain that | |||||
a system account has already been created.</para> | |||||
</note> | </note> | ||||
<para>This section has only mentioned the most commonly used | <para>This section has only mentioned the most commonly used | ||||
settings. Refer to the <link | settings. Refer to the <link | ||||
xlink:href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official | xlink:href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official | ||||
Samba HOWTO</link> for additional information about the | Samba HOWTO</link> for additional information about the | ||||
available configuration options.</para> | available configuration options.</para> | ||||
</sect3> | </sect3> | ||||
</sect2> | </sect2> | ||||
<sect2> | <sect2> | ||||
<title>Starting <application>Samba</application></title> | <title>Starting <application>Samba</application></title> | ||||
<para>To enable <application>Samba</application> at boot time, | <para>To enable <application>Samba</application> at boot time, | ||||
add the following line to | add the following line to | ||||
<filename>/etc/rc.conf</filename>:</para> | <filename>/etc/rc.conf</filename>:</para> | ||||
<programlisting>samba_enable="YES"</programlisting> | <programlisting>samba_enable="YES"</programlisting> | ||||
<para>Alternately, its services can be started | |||||
separately:</para> | |||||
<programlisting>nmbd_enable="YES"</programlisting> | |||||
<programlisting>smbd_enable="YES"</programlisting> | |||||
<para>To start <application>Samba</application> now:</para> | <para>To start <application>Samba</application> now:</para> | ||||
<screen>&prompt.root; <userinput>service samba start</userinput> | <screen>&prompt.root; <userinput>service samba start</userinput> | ||||
Starting SAMBA: removing stale tdbs : | Starting SAMBA: removing stale tdbs : | ||||
Starting nmbd. | Starting nmbd. | ||||
Starting smbd.</screen> | Starting smbd.</screen> | ||||
<para><application>Samba</application> consists of three | <para><application>Samba</application> consists of three | ||||
separate daemons. Both the <application>nmbd</application> | separate daemons. Both the <application>nmbd</application> | ||||
and <application>smbd</application> daemons are started by | and <application>smbd</application> daemons are started by | ||||
<varname>samba_enable</varname>. If winbind name resolution | <varname>samba_enable</varname>. If winbind name resolution | ||||
services are enabled in <filename>smb.conf</filename>, the | services are enabled in <filename>smb4.conf</filename>, the | ||||
<application>winbindd</application> daemon is started as | <application>winbindd</application> daemon is started as | ||||
well.</para> | well.</para> | ||||
wblock (Done): To the reader, that sentence is a bit vague and sounds like winbindd is enabled and started automatically. Is it, or does the user need to enable it?
wblock (Done): I don't understand what the sentence is saying now. There is a plural/singular confusion (services are/it can be). Also the method of how it is started is not really shown. So overall: If winbind name resolution is also required, set:</para> <programlisting>winbindd_enable="YES"</programlisting>
<para><application>Samba</application> may be stopped at any | <para><application>Samba</application> may be stopped at any | ||||
wblock (Done): s/may/can/
time by typing:</para> | time by typing:</para> | ||||
<screen>&prompt.root; <userinput>service samba stop</userinput></screen> | <screen>&prompt.root; <userinput>service samba stop</userinput></screen> | ||||
<para><application>Samba</application> is a complex software | <para><application>Samba</application> is a complex software | ||||
suite with functionality that allows broad integration with | suite with functionality that allows broad integration with | ||||
µsoft.windows; networks. For more information about | µsoft.windows; networks. For more information about | ||||
functionality beyond the basic configuration described here, | functionality beyond the basic configuration described here, | ||||
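Review bot: The new note in the Samba Users section marks the tool up as &man.pdbedit.8; in its first sentence but writes "the pdbedit tool" as plain text in its last, and the paragraph just above it uses <application>pdbedit</application>; settle on one markup for all three mentions. The new Samba Users paragraph also says accounts "must be mapped" for &windows; clients to access the share, while the example share is restricted with valid users = developer, so it would help to state that the username given to pdbedit -a has to be the same account named in valid users.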
▲ Show 20 Lines • Show All 520 Lines • Show Last 20 Lines |
This is really two acronyms, so should be marked up as: