[拼湊]samba簡明手冊

陳小奚

Samba簡明手冊

Illusion Chen

Samba簡介

Samba是Andrew Tridgell在1991年（和Linux誕生的時間接近）編寫的，當(dāng)時他想在他的DOS客戶機(jī)上mount Unix server的磁盤，但他發(fā)現(xiàn)無法同時使用Sun的NFS協(xié)議，于是，連Socket（套接字）都不熟悉的他開始嘗試自己在PC機(jī)上實現(xiàn)NFS，經(jīng)過不斷摸索，他開發(fā)了一個包監(jiān)聽程序來反向解析SMB協(xié)議，終于在自己的計算機(jī)上實現(xiàn)了NFS Mount。到1992年1月，他完成了0.1版，稱為Server 0.1。但由于得到了X終端，他放棄了進(jìn)一步的開發(fā)。直到1994年底， Andrew Tridgell需要在Windows PC連接Linux系統(tǒng)，Adrew Tridgell才重新開始在Linux上開發(fā)Samba，以支持Windows的改變，增加了對ACL、LDAP協(xié)議、Windows DFS文件系統(tǒng)、信任關(guān)系等方面的支持。
（簡單來說，安裝samba之后可使Unix/linux server支持NetBIOS/NetBEUI協(xié)議的通信方式。）

Samba服務(wù)做什么
* 在網(wǎng)絡(luò)上共享文件目錄，就像文件服務(wù)器。
* 在網(wǎng)絡(luò)上共享打印機(jī)。
* 提供部分類似Windows PDC的用戶安全控制功能。包括域,信任關(guān)系等.

Samba下載安裝

Samba下載站點：
http://www.samba.org
ftp://ftp.samba.org
http://sunfreeware.com
Samba的可下載版本包括二進(jìn)制程序binary package、源碼版本。下載回來的壓縮包一般需要用gunzip,tar來解壓縮包。有的包在解壓縮后即可通過運行一個script來自動編譯生成軟件包，然后通過packageadd –d來安裝samba了。在solaris下，samba通常被安裝在/usr/local/samba下。

安裝
./configure (- -help/- -prefix=/dir)
./make (需要gcc等編譯工具或lib包等)
./make install

啟動Samba

一般在安裝samba包后,會在/etc/rc2.d目錄下建立一個啟動腳本.如果沒有,那我們也可以創(chuàng)建一個script，主要是做samba,smbd,nmbd的啟動.

1. #!/bin/sh
   
2. # ident  "@(#)samba.server 1.0   96/06/19 TK"    /* SVr4.0 1.1.13.1*/
   
3. #
   
4. # Please send info on modifications to knuutila@cs.utu.fi
   
5. #
   
6. # Changed 20031008
   
7. # This file should have uid root, gid sys and chmod 744
   
8. #
   
9. ulimit -n 1024
   
10. if [ ! -d /usr/bin ]
    
11. then                    # /usr not mounted
    
12.         exit
    
13. fi
    
14. 
    
15. killproc() {            # kill the named process(es)
    
16.         pid=`/usr/bin/ps -e |
    
17.              /usr/bin/grep -w $1 |
    
18.              /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
    
19.         [ "$pid" != "" ] && kill $pid
    
20. }
    
21. 
    
22. # Start/stop processes required for samba server
    
23. 
    
24. case "$1" in
    
25. 
    
26. 'start')
    
27. #
    
28. # Edit these lines to suit your installation (paths, workgroup, host)
    
29. #
    
30.    /usr/local/samba/bin/smbd -D
    
31.    /usr/local/samba/bin/nmbd -D
    
32.    echo "Samba services started"
    
33.    ;;
    
34. 'stop')
    
35.    killproc nmbd
    
36.    killproc smbd
    
37.    echo "Samba services stopped"
    
38.    ;;
    
39. *)
    
40.    echo "Usage: /etc/init.d/samba.server { start | stop }"
    
41.    ;;
    
42. esac
    

復(fù)制代碼

將它保存在/etc/rc2.d或/etc/rc3.d下，命名為S99samba.server即可。

配置Samba

1，        安全級別
samba的安全級別通常有三種：share、user/server、domain。
Share的級別最寬松，不需要用戶名和密碼。User則需要用戶名和密碼，server是把安全驗證任務(wù)交給另一個samba/NT server。而domain則是windows的域安全級別。

2，        smbpasswd
smbpasswd是samba服務(wù)的一部分，當(dāng)root執(zhí)行smbpasswd時，它可以添加刪除samba用戶，或改變用戶的屬性。當(dāng)標(biāo)準(zhǔn)用戶執(zhí)行smbpasswd時，它可以改變或加密密碼。由于當(dāng)smbpasswd被標(biāo)準(zhǔn)用戶運行時是作為客戶端，所以smbd必須運行。
Smbpasswd使用的散列加密算法是很脆弱的，所以我們必須對smbpasswd文件及其所在的目錄加以限制，使之成為僅root可讀寫，以保證其安全性。

3，        域安全級別
samba server可以創(chuàng)建或加入域。
在加入域的時候，我們先在NT PDC上加入samba server的NetBIOS名字，成為合法帳號。在samba server上，停止samba服務(wù)，執(zhí)行smbpasswd –j domain –r pdc，將samba server加入域。在成功加入域后，會提示如下信息：smbpasswd: Joined domain xxx，同時在smbpasswd文件所在目錄添加一個機(jī)器帳號文件，文件名格式為domain.sambaserver.mac.
在重新啟動samba進(jìn)程前，我們必須編輯smb.conf
security = domain
workgroup = domain
encrypt password = yes
password server=domainPDC1 domainPDC2
samba server在加入NT域后即可對NT用戶驗證，不過，samba需要將NT用戶映射到unix UID。
方法一：user map = /dir/file；指定一個映射文件，如文件中描述root = administrator admin，則用戶administrator/admin訪問時作為root看待。
方法二：將NT用戶遷移到unix上來。由于只是需要一個合法的UID，所以可以鎖定用戶密碼，將其shell環(huán)境設(shè)為空或/bin/false。（也可以通過結(jié)合LDAP來同步windows和unix帳戶。）

4，SWAT
SWAT是samba默認(rèn)安裝的組件。其默認(rèn)端口是901，可以通過web瀏覽方式來對samba進(jìn)行簡單的配置。配置的結(jié)果將保存在smb.conf中。但是對于較高的安全性和個性化需求，我們必須直接編輯smb.conf。

4，        Smb.conf
通常smb.conf被放在/usr/local/samba/lib下。它的內(nèi)容格式為“參數(shù)=值”，以；或#為注釋。除了[global]被作為全局參數(shù)外，[homes]，[printers]等其他的段都可以看作共享資源。在配置完成之后，可以運行testpram來測試smb.conf是否配制正確。

[global]:
workgroup = MYGROUP
定義該Samba服務(wù)器所在的工作組或者域（如果下面的security=domain的話）。
server string = MY Samba Server
設(shè)定機(jī)器的描述，當(dāng)我們通過網(wǎng)絡(luò)鄰居訪問的時候可以在備注里面看見這個內(nèi)容，而且還可以使用samba設(shè)定的變量。這里說一下samba定義的變量：
%S = 當(dāng)前服務(wù)名（如果有的話）
%P = 當(dāng)前服務(wù)的根目錄（如果有的話）
%u = 當(dāng)前服務(wù)的用戶名（如果有的話）
%g = 當(dāng)前用戶說在的主工作組
%U = 當(dāng)前對話的用戶名
%G = 當(dāng)前對話的用戶的主工作組
%H = 當(dāng)前服務(wù)的用戶的Home目錄
%v = Samba服務(wù)的版本號。
%h = 運行Samba服務(wù)機(jī)器的主機(jī)名
%m = 客戶機(jī)的NETBIOS名稱
%L = 服務(wù)器的NETBIOS名稱
%M = 客戶機(jī)的主機(jī)名
%N = NIS服務(wù)器名
%p = NIS服務(wù)的Home目錄
%R = 說采用的協(xié)議等級(值可以是CORE, COREPLUS, LANMAN1, LANMAN2，NT1)
%d = 當(dāng)前服務(wù)進(jìn)程的ID
%a = 客戶機(jī)的結(jié)構(gòu)（只能識別幾項：Samba，WfWg，WinNT，Win95）
%I = 客戶機(jī)的IP
%T = 當(dāng)前日期和時間
hosts allow = 網(wǎng)絡(luò)或者主機(jī)
這里可以設(shè)置允許訪問的網(wǎng)絡(luò)和主機(jī)IP，比如允許192.168.1.0/24和192.168.2.1/32訪問，就用host allow = 192.168.1. 192.168.2.1 127.0.0.1(網(wǎng)絡(luò)注意后面加”.”號，各個項目間用空格隔開，記得把本機(jī)也加進(jìn)去)
printcap name = printcapFile
到printcapFile（一般是/etc/printcap）這個文件中取得打印機(jī)的描述信息
load printers = yes/no
設(shè)定是否自動共享打印機(jī)而不用設(shè)置下面的[printer]一節(jié)的相關(guān)東西
printing = PrintSystemType
定義打印系統(tǒng)的類型，缺省是lprng,可選項有：bsd, sysv, plp, lprng, aix, hpux, qnx。
guest account = pcguest
定義游客帳號，而且需要把這個帳號加入/etc/passwd。
如不定義它就用缺省的nobody
log file = LogFileName
定義記錄文件的位置LogFileName（一般是用/var/log/samba/%m.log）
max log size = size
定義記錄文件的大小size（單位是KB，如果是0的話就不限大�。�
security = security_level
定義Samba的安全級別，按從低到高分為四級：share，user，server，domain。它們對應(yīng)的驗證方式如下：
share: 沒有安全性的級別，任何用戶都可以不要用戶名和口令訪問服務(wù)器上的資源。
user: samba的默認(rèn)配置，要求用戶在訪問共享資源之前資源必須先提供用戶名和密碼進(jìn)行驗證。
server: 和user安全級別類似，但用戶名和密碼是遞交到另外一個服務(wù)器去驗證，比如遞交給一臺NT服務(wù)器。如果遞交失敗，就退到user安全級。
domain: 這個安全級別要求網(wǎng)絡(luò)上存在一臺Windows的主域控制器，samba把用戶名和密碼遞交給它去驗證。
后面三種安全級都要求用戶在unix機(jī)器上也要系統(tǒng)帳戶。否則是不能訪問的。
password server = <NT-Server-Name>;
當(dāng)前面的security設(shè)定為server或者domain的時候才有必要設(shè)定它。
password level = n
這是設(shè)定針對一些SMB客戶像OS/2之類而設(shè)的，這樣的系統(tǒng)在發(fā)送用戶密碼的時候，會把密碼轉(zhuǎn)換成大寫再發(fā)送，這樣就和samba的密碼不一致，這個參數(shù)可以設(shè)定密碼里允許的大寫字母個數(shù)，這樣samba就根據(jù)這個數(shù)目對接收到的密碼進(jìn)行大小寫重組，以重組過的密碼嘗試驗證密碼的正確性。n越大，組合的次數(shù)就越多，驗證時間就越長，安全性也會因此變得越低。例如n=2，用戶的密碼是abcd，但發(fā)送出去其實是ABCD，samba就會把這個ABCD進(jìn)行大小寫重組，組合后的結(jié)果可以是: Abcd, aBcd, abCd, abcD, abcd, ABcd, AbCd, AbcD,aBCd,aBcD,abCD。
所以如果沒有必要，就把n定為是零。這樣的話samba只嘗試兩次，一個是接收到的密碼，另一個嘗試的是這個密碼都是小寫的情況。
username level = n
這個是對于用戶名的情況，說明和上面一項類似。
encrypt passwords = yes/no
設(shè)置是否對密碼進(jìn)行加密，samba本身有一個密碼文件/etc/samba/smbpasswd，如果不對密碼進(jìn)行加密則在驗證會話期間客戶機(jī)和服務(wù)器之間傳遞的是明文密碼，samba直接把這個密碼和Linux里的/etc/samba/smbpasswd密碼文件進(jìn)行驗證。但是在Windows 95 OS/R2以后的版本和Windows NT SP3以后的版本缺省都不傳送明文密碼，要讓這些系統(tǒng)能傳送明文密碼必須在其注冊表里更改，比較麻煩，好的方法就是把這里的這個開關(guān)設(shè)置為yes。
smb passwd file = smbPasswordFile
設(shè)置存放samba用戶密碼的文件smbPasswordFile(一般是/etc/samba/smbpasswd)。
ssl CA certFile = sslFile
當(dāng)samba編譯的時候支持SSL的時候，需要指定SSL的證書的位置（一般在/usr/share/ssl/certs/ca-bundle.crt）。
unix password sync = yes/no
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n
*ReType*new*UNIX*password* %n
*passwd:*all*authentication*tokens*updated*successfully*
這三項設(shè)置能否從windows的應(yīng)用程序修改unix系統(tǒng)的用戶密碼
username map = UsermapFile
指定用戶映射文件（一般是/etc/samba/smbusers），當(dāng)我們在這個文件里面指定一行root = administrator admin的時候，客戶機(jī)的用戶是admin或者administrator連接時會被當(dāng)作用戶root看待。
include = MachineConfFile
指定對不同機(jī)器的連接采用不同的配置文件MachineConfFile（一般為了靈活管理使用/etc/samba/smb.conf.%m，由于采用了samba的變量，把配置文件和客戶機(jī)的NETBIOS名稱關(guān)聯(lián)起來，能很容易地控制這些客戶機(jī)的權(quán)限和設(shè)置）。
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
這個是網(wǎng)絡(luò)socket方面的一些參數(shù)，能實現(xiàn)最好的文件傳輸性能。
相關(guān)的選項還有SO_KEEPALIVE、SO_REUSEADDR、SO_BROADCAST、IPTOS_LOWDELAY、IPTOS_THROUGHPUT、SO_SNDLOWAT（*）、SO_RCVLOWAT（*），帶*號的要指定數(shù)值。一般如果在本地網(wǎng)絡(luò)，就只用IPTOS_LOWDELAY，如果是有一個本地網(wǎng)絡(luò)的，就用IPTOS_LOWDELAY TCP_NODELAY，如果是廣域網(wǎng)絡(luò)，就試試IPTOS_THROUGHPUT。
interfaces = interface1 interface2
如果有多個網(wǎng)絡(luò)接口，就必須在這里指定。如interface = 192.168.12.2/24 192.168.13.2/24
remote browse sync = host(subnet)
這里指定瀏覽列表同步信息從哪里取得， 如果用host（比如192.168.3.25）或者整個子網(wǎng)（192.168.5.255）。
---------------------------------------------------------------------------------------------------------------------
*什么是瀏覽（Browse）：
在SMB協(xié)議中，計算機(jī)為了訪問網(wǎng)絡(luò)資源，就需要了解網(wǎng)絡(luò)上存在的資源列表（例如在Windows下使用網(wǎng)絡(luò)鄰居查看可以訪問的計算機(jī)），這個機(jī)制就被稱為瀏覽（Browse）。雖然SMB協(xié)議中經(jīng)常使用廣播的方式，但如果每次都使用廣播的方式了解當(dāng)前的網(wǎng)絡(luò)資源（包括提供服務(wù)的計算機(jī)和各個計算機(jī)上的服務(wù)資源），就需要消耗大量的網(wǎng)絡(luò)資源和浪費較長的查找時間，因此最好在網(wǎng)絡(luò)中維護(hù)一個網(wǎng)絡(luò)資源的列表，以方便查找網(wǎng)絡(luò)資源。只有必要的時候，才重新查找資源，例如使用Windows下的查找計算機(jī)功能。
　　但沒有必要每個計算機(jī)都維護(hù)整個資源列表，維護(hù)網(wǎng)絡(luò)中當(dāng)前資源列表的任務(wù)由網(wǎng)絡(luò)上的幾個特殊計算機(jī)完成的，這些計算機(jī)被稱為Browser，這些Browser通過記錄廣播數(shù)據(jù)或查詢名字服務(wù)器來記錄網(wǎng)絡(luò)上的各種資源。
Browser并不是事先指定的計算機(jī)，而是在普通計算機(jī)之間通過自動進(jìn)行的推舉產(chǎn)生的。不同的計算機(jī)可以按照其提供服務(wù)的能力，設(shè)置在推舉時具備的不同權(quán)重。為了保證一個Browser停機(jī)時網(wǎng)絡(luò)瀏覽仍然正常，網(wǎng)絡(luò)中常常存在多個Browser，一個為主Browser（Master Browser），其他的為備份Browser。
---------------------------------------------------------------------------------------------------------------------
remote announce = host(subnet)
指定這些機(jī)器向網(wǎng)絡(luò)宣告自己，而不是有Browser得到。
local master = yes/no
這個參數(shù)指定nmbd是否試圖成為本地主瀏覽器，默認(rèn)值是yes，如果設(shè)為no則samba服務(wù)器就永遠(yuǎn)都不會成為本地主瀏覽器。但即使設(shè)置了yes，也不等于samba服務(wù)器就會成為本地主瀏覽器。只是參與本地主瀏覽器選擇。
os level = n
n的值是個整數(shù)，決定了nmbd是否有機(jī)會成為本地廣播區(qū)域的工作組里的本地主瀏覽器，默認(rèn)值是零，零則意味著nmbd失去瀏覽選擇。如果要nmbd更有機(jī)會成為本地主瀏覽器的話，可以設(shè)為65。
domain master = yes/no
這個參數(shù)讓nmbd成為一個域瀏覽器，取得各本地主瀏覽器的瀏覽列表，并將整個域的瀏覽列表遞交給各本地主瀏覽器。
preferred master = yes/no
這個參數(shù)指定nmbd是否是工作組里的首要的主瀏覽器，如果指定為yes，nmbd在啟動的時候就強(qiáng)制一個瀏覽選擇。
--------------------------------------------------------------------------------------------------------------------
Domain master和local master
工作組和域這兩個概念在進(jìn)行瀏覽時具備同樣的用處，都是用于區(qū)分并維護(hù)同一組瀏覽數(shù)據(jù)的多個計算機(jī)。事實上他們的不同在于認(rèn)證方式上，工作組中每臺計算機(jī)都基本上是獨立的，獨立對客戶訪問進(jìn)行認(rèn)證，而域中將存在一個（或幾個）域控制器，保存對整個域中都有效的認(rèn)證信息，包括用戶的認(rèn)證信息以及域內(nèi)成員計算機(jī)的認(rèn)證信息。瀏覽數(shù)據(jù)的時候，并不需要認(rèn)證信息，Microsoft將工作組擴(kuò)展為域，只是為了形成一種分級的目錄結(jié)構(gòu)，將原有的瀏覽和目錄服務(wù)相結(jié)合，以擴(kuò)大Mircrosoft網(wǎng)絡(luò)服務(wù)范圍的一種策略。
工作組和域都可以跨越多個子網(wǎng)，因此網(wǎng)絡(luò)中就存在兩種Browser，一種為Domain Master Browser，用于維護(hù)整個工作組或域內(nèi)的瀏覽數(shù)據(jù)，另一種為Local Master Browser，用于維護(hù)本子網(wǎng)內(nèi)的瀏覽數(shù)據(jù)，它和Domain Master Browser通信以獲得所有的可瀏覽數(shù)據(jù)。劃分這兩種Browser 主要是由于瀏覽數(shù)據(jù)依賴于本地網(wǎng)廣播來獲得資源列表，不同子網(wǎng)之間只能通過瀏覽器之間的交流能力，才能互相交換資源列表。
但是，為了瀏覽多個子網(wǎng)的資源，必須使用NBNS名字服務(wù)器的解析方式，沒有NBNS的幫助，計算機(jī)將不能獲得子網(wǎng)外計算機(jī)的NetBIOS名字。Local Master Browser也需要查詢NetBIOS名字服務(wù)器以獲得Domain Master Browser的名字，以相互交換網(wǎng)絡(luò)資源信息。
由于域控制器在域內(nèi)的特殊性，因此域控制器傾向于被用做Browser，主域控制器應(yīng)該被用作Domain Master Browser，他們在推舉時設(shè)置的權(quán)重較大。
----------------------------------------------------------------------------------------------------------------------
preserve case = yes/no
short preserve case = yes/no
指定拷貝DOS文件的時候保持大小寫，缺省是no
default case = lower/upper
所有的DOS文件的缺省是大寫還是小寫
case sensitive = yes/no
大小寫敏感，一般是no,不然會出現(xiàn)一些問題。
共享設(shè)置：
共享資源:
每個SMB服務(wù)器能對外提供文件或打印服務(wù)，每個共享資源需要被給予一個共享名，這個名字將顯示在這個服務(wù)器的資源列表中。如果一個資源的名字的最后一個字母為$，則這個共享名就為隱藏共享，不能直接表現(xiàn)在瀏覽列表中，而只能通過直接訪問這個名字來進(jìn)行訪問。在SMB協(xié)議中，為了獲得服務(wù)器提供的資源列表，必須使用一個隱藏的資源名字IPC$來訪問服務(wù)器，否則客戶無法獲得系統(tǒng)資源的列表。
--------------------------------------------------------------------------------------------------------------------
[homes]，在smb.conf文件中一般沒有對這個目錄的設(shè)定特定內(nèi)容比如路徑等。
當(dāng)客戶機(jī)發(fā)出服務(wù)請求時，就在smb.conf文件的其它部分查找特定內(nèi)容的服務(wù)。如果沒有發(fā)現(xiàn)這些服務(wù)，并且提供了homes段時，那么就搜索密碼文件得到用戶的Home目錄。通過Homes段，Samba可以得到用戶的Home目錄并使之共享。
下面是這個段的最基本的幾個設(shè)置。
[homes]
comment=Home Directory
browseable=no
writable=yes
比較正常的共享的配置如下例：
[MyShare]
comment = grind’s file
path = /home/grind
allow hosts = host(subnet)
deny hosts = host(subnet)
writable = yes/no
user = user(@group)
valid users = user(@group)
invalid users = user(@group)
read list = user(@group)
write list = user(@group)
admin list = user(@group)
public = yes/no
hide dot files = yes/no
create mode = 0755
directory mode = 0755
sync always = yes/no
short preserve case = yes/no
preserve case = yes/no
case sensitive = yes/no
mangle case = yes/no
default case = upper/lower
force user = grind
wide links = yes/no
max connections = 100
delete readonly = yes/no
其中[]里面的MyShare指定共享名，一般就是網(wǎng)絡(luò)鄰居里面可以看見的文件夾的名字。
comment指的是對改共享的備注。
path指定共享的路徑，其中可以配合samba變量使用。比如你可以指定path=/data/%m，這樣如果一臺機(jī)器的NETBIOS名字是grind,它訪問MyShare這個共享的時候就是進(jìn)入/data/grind目錄,而對于NETBIOS名是glass的機(jī)器，則進(jìn)入/data/glass目錄。
allow hosts和deny hosts和前面的全局設(shè)置的方法一樣這里不再提及。
writeable指定了這個目錄缺省是否可寫，也可以用readonly = no來設(shè)置可寫。
user設(shè)置所有可能使用該共享資源的用戶，也可以用@group代表group這個組的所有成員，不同的項目之間用空格或者逗號隔開。
valid users指定能夠使用該共享資源的用戶和組。
invalid users指定不能夠使用該共享資源的用戶和組。
read list 指定只能讀取該共享資源的用戶和組。
write list指定能讀取和寫該共享資源的用戶和組。
admin list指定能管理該共享資源（包括讀寫和權(quán)限賦予等）的用戶和組。
public指明該共享資源是否能給游客帳號訪問，這個開關(guān)有時候也叫g(shù)uest ok，所以有的配置文件中出現(xiàn)guest ok = yes其實和public = yes是一樣的。
hide dot files指明是不是像unix那樣隱藏以“.”號開頭的文件。
create mode指明新建立的文件的屬性，一般是0755。
directory mode指明新建立的目錄的屬性，一般是0755。
sync always指明對該共享資源進(jìn)行寫操作后是否進(jìn)行同步操作。
short preserve case指明不管文件名大小寫。
preserve case指明保持大小寫。
case sensitive指明是否對大小寫敏感，一般選no,不然可能引起錯誤。
mangle case指明混合大小寫。
default case指明缺省的文件名是全部大寫還是小寫。
force user強(qiáng)制把建立文件的屬主是誰。如果我有一個目錄，讓guest可以寫，那么guest就可以刪除，如果我用force user= grind強(qiáng)制建立文件的屬主是grind，同時限制create mask = 0755，這樣guest就不能刪除了。
wide links指明是否允許共享外符號連接，比如共享資源里面有個連接指向非共享資源里面的文件或者目錄，如果設(shè)置wide links = no將使該連接不可用。
max connections = n設(shè)定同時連接數(shù)是n。
delete readonly指明能否刪除共享資源里面已經(jīng)被定義為只讀的文件。
有兩類特殊的共享，分別是光驅(qū)和打印機(jī)
光驅(qū)的共享設(shè)置:
[cdrom]
comment = grind’s cdrom
path = /mnt/cdrom
public = yes
browseable = yes
root preexec = /bin/mount -t iso9660 /dev/cd0 /mnt/cdrom
root postexec = /bin/umount /mnt/cdrom
這里root preexec指明了連接時用root的身份運行mount命令，而root postexec則指明了斷開時用root身份運行umount,有效實現(xiàn)了對光驅(qū)的共享。
打印機(jī)共享的設(shè)置：
[printers]
path = /var/spool/samba
writeable = no
guest ok = yes
printable = yes
printer driver = HP LaserJet 5L
這里printable指明該打印機(jī)可以打印， guest ok說明guest帳戶也能打印，path指明打印的臨時文件隊列放到/var/spool/samba目錄下。printer driver的作用是指明該打印機(jī)的類型，這樣我們在安裝網(wǎng)絡(luò)打印機(jī)的時候可以直接自動安裝驅(qū)動而不必選擇。

Smb.conf sample

Sample I: (solaris 8/Win nt domain)

1. 
   
2. # this is the main Samba configuration file. You should read the
   
3. # smb.conf(5) manual page in order to understand the options listed
   
4. # here. Samba has a huge number of configurable options (perhaps too
   
5. # many!) most of which are not shown in this example
   
6. #
   
7. # Any line which starts with a ; (semi-colon) or a # (hash)
   
8. # is a comment and is ignored. In this example we will use a #
   
9. # for commentry and a ; for parts of the config file that you
   
10. # may wish to enable
    
11. #
    
12. # NOTE: Whenever you modify this file you should run the command "testparm"
    
13. # to check that you have not many any basic syntactic errors.
    
14. #
    
15. #======================= Global Settings =====================================
    
16. [global]
    
17.    debug level = 0
    
18.    admin users = root
    
19.    netbios name = ufszx01
    
20. 
    
21. # workgroup = NT-Domain-Name or Workgroup-Name
    
22. ;   workgroup = MYGROUP
    
23.    workgroup = UFSZX
    
24. 
    
25. # Server string is the equivalent of the NT Description field
    
26. ;   server string = Samba Server
    
27.    server string = Samba Server on ufszx01
    
28. 
    
29. # This option is important for security. It allows you to restrict
    
30. # connections to machines which are on your local network. The
    
31. # following example restricts access to two C class networks and
    
32. # the "loopback" interface. For more examples of the syntax see
    
33. # the smb.conf man page
    
34. ;   hosts allow = 192.168.1. 192.168.2. 127.
    
35.    hosts allow = 192.168.8. 192.168.19.
    
36. 
    
37. 
    
38. # If you want to automatically load your printer list rather
    
39. # than setting them up individually then you'll need this
    
40.    load printers = yes
    
41. 
    
42. # you may wish to override the location of the printcap file
    
43. ;   printcap name = /etc/printcap
    
44. 
    
45. # on SystemV system setting printcap name to lpstat should allow
    
46. # you to automatically obtain a printer list from the SystemV spool
    
47. # system
    
48. ;   printcap name = lpstat
    
49.    printcap name = lpstat
    
50. 
    
51. # It should not be necessary to specify the print system type unless
    
52. # it is non-standard. Currently supported print systems include:
    
53. # bsd, sysv, plp, lprng, aix, hpux, qnx
    
54. ;   printing = bsd
    
55. 
    
56. # Uncomment this if you want a guest account, you must add this to /etc/passwd
    
57. # otherwise the user "nobody" is used
    
58. ;  guest account = pcguest
    
59. 
    
60. # this tells Samba to use a separate log file for each machine
    
61. # that connects
    
62.    log file = /usr/local/samba/var/log.%m
    
63. 
    
64. # Put a capping on the size of the log files (in Kb).
    
65.    max log size = 50
    
66. 
    
67. # Security mode. Most people will want user level security. See
    
68. # security_level.txt for details.
    
69. ;   security = user
    
70. #   security = server
    
71.    security = share
    
72. 
    
73. # Use password server option only with security = server
    
74. ;   password server = <NT-Server-Name>;
    
75. password server = ufszxnt01
    
76. 
    
77. # Password Level allows matching of _n_ characters of the password for
    
78. # all combinations of upper and lower case.
    
79. ;  password level = 8
    
80. 
    
81. # You may wish to use password encryption. Please read
    
82. # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    
83. # Do not enable this option unless you have read those documents
    
84. ;  encrypt passwords = yes
    
85. 
    
86. # Unix users can map to different SMB User names
    
87. ;  username map = /etc/smbusers
    
88. 
    
89. # Using the following line enables you to customise your configuration
    
90. # on a per machine basis. The %m gets replaced with the netbios name
    
91. # of the machine that is connecting
    
92. ;   include = /usr/local/samba/lib/smb.conf.%m
    
93. 
    
94. # Most people will find that this option gives better performance.
    
95. # See speed.txt and the manual pages for details
    
96.    socket options = TCP_NODELAY
    
97. 
    
98. # Configure Samba to use multiple interfaces
    
99. # If you have multiple network interfaces then you must list them
    
100. # here. See the man page for details.
     
101. ;   interfaces = 192.168.12.2/24 192.168.13.2/24
     
102. 
     
103. # Configure remote browse list synchronisation here
     
104. #  request announcement to, or browse list sync from:
     
105. #       a specific host or from / to a whole subnet (see below)
     
106. ;   remote browse sync = 192.168.3.25 192.168.5.255
     
107. # Cause this host to announce itself to local subnets here
     
108. ;   remote announce = 192.168.1.255 192.168.2.44
     
109. 
     
110. # Browser Control Options:
     
111. # set local master to no if you don't want Samba to become a master
     
112. # browser on your network. Otherwise the normal election rules apply
     
113. ;   local master = no
     
114. 
     
115. # OS Level determines the precedence of this server in master browser
     
116. # elections. The default value should be reasonable
     
117. ;   os level = 33
     
118. 
     
119. # Domain Master specifies Samba to be the Domain Master Browser. This
     
120. # allows Samba to collate browse lists between subnets. Don't use this
     
121. # if you already have a Windows NT domain controller doing this job
     
122. ;   domain master = yes
     
123. 
     
124. # Preferred Master causes Samba to force a local browser election on startup
     
125. # and gives it a slightly higher chance of winning the election
     
126. ;   preferred master = yes
     
127. 
     
128. # Use only if you have an NT server on your network that has been
     
129. # configured at install time to be a primary domain controller.
     
130. ;   domain controller = <NT-Domain-Controller-SMBName>;
     
131.         ;domain controller = exhkg
     
132. 
     
133. # Enable this if you want Samba to be a domain logon server for
     
134. # Windows95 workstations.
     
135. ;   domain logons = yes
     
136. 
     
137. # if you enable domain logons then you may want a per-machine or
     
138. # per user logon script
     
139. # run a specific logon batch file per workstation (machine)
     
140. ;   logon script = %m.bat
     
141. # run a specific logon batch file per username
     
142. ;   logon script = %U.bat
     
143. 
     
144. # Where to store roving profiles (only for Win95 and WinNT)
     
145. #        %L substitutes for this servers netbios name, %U is username
     
146. #        You must uncomment the [Profiles] share below
     
147. ;   logon path = \\%L\Profiles\%U
     
148. 
     
149. # Windows Internet Name Serving Support Section:
     
150. # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
     
151. ;   wins support = yes
     
152.    wins support = yes
     
153. 
     
154. # WINS Server - Tells the NMBD components of Samba to be a WINS Client
     
155. #       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
     
156. ;   wins server = w.x.y.z
     
157. 
     
158. 
     
159. # WINS Proxy - Tells Samba to answer name resolution queries on
     
160. # behalf of a non WINS capable client, for this to work there must be
     
161. # at least one  WINS Server on the network. The default is NO.
     
162. ;   wins proxy = yes
     
163. 
     
164. # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
     
165. # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
     
166. # this has been changed in version 1.9.18 to no.
     
167.    dns proxy = no
     
168. 
     
169. # Case Preservation can be handy - system default is _no_
     
170. # NOTE: These can be set on a per share basis
     
171. ;  preserve case = no
     
172. ;  short preserve case = no
     
173. # Default case is normally upper case for all DOS files
     
174. ;  default case = lower
     
175. # Be very careful with case sensitivity - it can break things!
     
176. ;  case sensitive = no
     
177. 
     
178.    time server = true
     
179. 
     
180. #============================ Share Definitions ==============================
     
181. [homes]
     
182.    comment = Home Directories
     
183.    browseable = no
     
184.    writable = yes
     
185. 
     
186. # Un-comment the following and create the netlogon directory for Domain Logons
     
187. ;[netlogon]
     
188. ;   comment = Network Logon Service
     
189. ;   path = /usr/local/samba/lib/netlogon
     
190. ;   guest ok = yes
     
191. ;   writable = no
     
192. ;   share modes = no
     
193. 
     
194. 
     
195. # Un-comment the following to provide a specific roving profile share
     
196. # the default is to use the user's home directory
     
197. ;[Profiles]
     
198. ;    path = /usr/local/samba/profiles
     
199. ;    browseable = no
     
200. ;    guest ok = yes
     
201. 
     
202. 
     
203. # NOTE: If you have a BSD-style print system there is no need to
     
204. # specifically define each individual printer
     
205. [printers]
     
206.    comment = All Printers
     
207.    path = /usr/spool/samba
     
208.    browseable = no
     
209. # Set public = yes to allow user 'guest account' to print
     
210.    guest ok = yes
     
211.    writable = no
     
212.    printable = yes
     
213. 
     
214. # This one is useful for people to share files
     
215. [tmp]
     
216.    comment = Temporary file space
     
217.    path = /tmp
     
218.    read only = no
     
219.    public = yes
     
220. 
     
221. # A publicly accessible directory, but read only, except for people in
     
222. # the "staff" group
     
223. ;[public]
     
224. ;   comment = Public Stuff
     
225. ;   path = /home/samba
     
226. ;   public = yes
     
227. ;   writable = yes
     
228. ;   printable = no
     
229. ;   write list = @staff
     
230. 
     
231. # Other examples.
     
232. #
     
233. # A private printer, usable only by fred. Spool data will be placed in fred's
     
234. # home directory. Note that fred must have write access to the spool directory,
     
235. # wherever it is.
     
236. ;[fredsprn]
     
237. ;   comment = Fred's Printer
     
238. ;   valid users = fred
     
239. ;   path = /homes/fred
     
240. ;   printer = freds_printer
     
241. ;   public = no
     
242. ;   writable = no
     
243. ;   printable = yes
     
244. 
     
245. # A private directory, usable only by fred. Note that fred requires write
     
246. # access to the directory.
     
247. ;[fredsdir]
     
248. ;   comment = Fred's Service
     
249. ;   path = /usr/somewhere/private
     
250. ;   valid users = fred
     
251. ;   public = no
     
252. ;   writable = yes
     
253. ;   printable = no
     
254. 
     
255. # a service which has a different directory for each machine that connects
     
256. # this allows you to tailor configurations to incoming machines. You could
     
257. # also use the %U option to tailor it by user name.
     
258. # The %m gets replaced with the machine name that is connecting.
     
259. ;[pchome]
     
260. ;  comment = PC Directories
     
261. ;  path = /usr/pc/%m
     
262. ;  public = no
     
263. ;  writable = yes
     
264. 
     
265. # A publicly accessible directory, read/write to all users. Note that all files
     
266. # created in the directory by users will be owned by the default user, so
     
267. # any user with access can delete any other user's files. Obviously this
     
268. # directory must be writable by the default user. Another user could of course
     
269. # be specified, in which case all files would be owned by that user instead.
     
270. ;[public]
     
271. ;   path = /usr/somewhere/else/public
     
272. ;   public = yes
     
273. ;   only guest = yes
     
274. ;   writable = yes
     
275. ;   printable = no
     
276. 
     
277. # The following two entries demonstrate how to share a directory so that two
     
278. # users can place files there that will be owned by the specific users. In this
     
279. # setup, the directory should be writable by both users and should have the
     
280. # sticky bit set on it to prevent abuse. Obviously this could be extended to
     
281. # as many users as required.
     
282. ;[myshare]
     
283. ;   comment = Mary's and Fred's stuff
     
284. ;   path = /usr/somewhere/shared
     
285. ;   valid users = mary fred
     
286. ;   public = no
     
287. ;   writable = yes
     
288. ;   printable = no
     
289. ;   create mask = 0765
     
290. 
     
291. [HP]
     
292.    path = /usr/spool/samba
     
293.    read only = No
     
294.    guest ok = Yes
     
295.    print ok = Yes
     
296.    share modes = No
     
297.    oplocks = No
     
298.    printer = HP
     
299. 
     
300. [LOG]
     
301.    comment = LOG
     
302.    path = /icil/log/pc
     
303.    guest ok = yes
     
304.    writeable = yes
     
305.    create mode = 0666
     
306. 
     
307. ;[TRAXON]
     
308. ;   comment = TRAXON
     
309. ;   path = /var/spool/uucppublic/traxon
     
310. ;   guest ok = yes
     
311. ;   writeable = yes
     
312. ;   create mode = 0777
     
313. 
     
314. [TMP]
     
315.    comment = TMP
     
316.    path = /tmp
     
317.    guest ok = yes
     
318. 
     
319. [CDROM]
     
320.    comment = CDROM
     
321.    path = /cdrom
     
322.    guest ok = yes
     

復(fù)制代碼

Sample II: （linux/ act as a PDC）

1. 
   
2. # This is the main Samba configuration file. You should read the
   
3. # smb.conf(5) manual page in order to understand the options listed
   
4. # here. Samba has a huge number of configurable options (perhaps too
   
5. # many!) most of which are not shown in this example
   
6. #
   
7. # Any line which starts with a ; (semi-colon) or a # (hash)
   
8. # is a comment and is ignored. In this example we will use a #
   
9. # for commentry and a ; for parts of the config file that you
   
10. # may wish to enable
    
11. #
    
12. # NOTE: Whenever you modify this file you should run the command "testparm"
    
13. # to check that you have not made any basic syntactic errors.
    
14. #
    
15. #======================= Global Settings =====================================
    
16. [global]
    
17. 
    
18. # workgroup = NT-Domain-Name or Workgroup-Name
    
19.    workgroup = UFCMB
    
20.    netbios name = ufcmblx01
    
21. 
    
22. # server string is the equivalent of the NT Description field
    
23.    server string = UFCMB Samba PDC Server
    
24. 
    
25. 
    
26. # This option is important for security. It allows you to restrict
    
27. # connections to machines which are on your local network. The
    
28. # following example restricts access to two C class networks and
    
29. # the "loopback" interface. For more examples of the syntax see
    
30. # the smb.conf man page
    
31. ;   hosts allow = 192.168.1. 192.168.2. 127.
    
32. 
    
33. # if you want to automatically load your printer list rather
    
34. # than setting them up individually then you'll need this
    
35. ;  printcap name = /etc/printcap
    
36.   load printers = no
    
37. 
    
38. # It should not be necessary to spell out the print system type unless
    
39. # yours is non-standard. Currently supported print systems include:
    
40. # bsd, sysv, plp, lprng, aix, hpux, qnx
    
41.   ; printing = bsd
    
42. 
    
43. # Uncomment this if you want a guest account, you must add this to /etc/passwd
    
44. # otherwise the user "nobody" is used
    
45. ; guest account = pcguest
    
46. 
    
47. # this tells Samba to use a separate log file for each machine
    
48. # that connects
    
49.    log file = /var/log/samba/log.%m
    
50. 
    
51. # Put a capping on the size of the log files (in Kb).
    
52.    max log size = 50
    
53. 
    
54. # Security mode. Most people will want user level security. See
    
55. # security_level.txt for details.
    
56.    security = user
    
57. # Use password server option only with security = server
    
58. ;   password server = <NT-Server-Name>;
    
59. 
    
60. # Password Level allows matching of _n_ characters of the password for
    
61. # all combinations of upper and lower case.
    
62. ;  password level = 8
    
63. ;  username level = 8
    
64. 
    
65. # You may wish to use password encryption. Please read
    
66. # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    
67. # Do not enable this option unless you have read those documents
    
68.   encrypt passwords = yes
    
69.   smb passwd file = /usr/local/samba/private/smbpasswd
    
70. 
    
71. # The following are needed to allow password changing from Windows to
    
72. # update the Linux system password also.
    
73. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
    
74. # NOTE2: You do NOT need these to allow workstations to change only
    
75. #        the encrypted SMB passwords. They allow the Unix password
    
76. #        to be kept in sync with the SMB password.
    
77.   unix password sync = Yes
    
78.   passwd program = /usr/bin/passwd %u
    
79.   passwd chat = *New* %n\n *ReType* %n\n
    
80. 
    
81. # Unix users can map to different SMB User names
    
82.   username map = /usr/local/samba/private/smbusers
    
83. 
    
84. # Using the following line enables you to customise your configuration
    
85. # on a per machine basis. The %m gets replaced with the netbios name
    
86. # of the machine that is connecting
    
87. ;   include = /etc/samba/smb.conf.%m
    
88. 
    
89. # Most people will find that this option gives better performance.
    
90. # See speed.txt and the manual pages for details
    
91.    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    
92. 
    
93. # Configure Samba to use multiple interfaces
    
94. # If you have multiple network interfaces then you must list them
    
95. # here. See the man page for details.
    
96. ;   interfaces = 192.168.12.2/24 192.168.13.2/24
    
97. 
    
98. # Configure remote browse list synchronisation here
    
99. #  request announcement to, or browse list sync from:
    
100. #       a specific host or from / to a whole subnet (see below)
     
101. ;   remote browse sync = 192.168.3.25 192.168.5.255
     
102. # Cause this host to announce itself to local subnets here
     
103. ;   remote announce = 192.168.1.255 192.168.2.44
     
104. 
     
105. # Browser Control Options:
     
106. # set local master to no if you don't want Samba to become a master
     
107. # browser on your network. Otherwise the normal election rules apply
     
108.   local master = yes
     
109. 
     
110. # OS Level determines the precedence of this server in master browser
     
111. # elections. The default value should be reasonable
     
112.    os level = 64
     
113. 
     
114. # Domain Master specifies Samba to be the Domain Master Browser. This
     
115. # allows Samba to collate browse lists between subnets. Don't use this
     
116. # if you already have a Windows NT domain controller doing this job
     
117.    domain master = yes
     
118. 
     
119. # Preferred Master causes Samba to force a local browser election on startup
     
120. # and gives it a slightly higher chance of winning the election
     
121.    preferred master = yes
     
122. 
     
123. # Enable this if you want Samba to be a domain logon server for
     
124. # Windows95 workstations.
     
125.    domain logons = yes
     
126. 
     
127. # if you enable domain logons then you may want a per-machine or
     
128. # per user logon script
     
129. # run a specific logon batch file per workstation (machine)
     
130. ;   logon script = %m.bat
     
131. # run a specific logon batch file per username
     
132. ;   logon script = %U.bat
     
133.     logon script = icil.bat
     
134. # Where to store roving profiles (only for Win95 and WinNT)
     
135. #        %L substitutes for this servers netbios name, %U is username
     
136. #        You must uncomment the [Profiles] share below
     
137. 
     
138.   logon drive = Z:
     
139. 
     
140.   logon home = \\%N\%U
     
141. 
     
142.   logon path = \\%N\%U\profile
     
143. 
     
144. 
     
145. 
     
146. # All NetBIOS names must be resolved to IP Addresses
     
147. # 'Name Resolve Order' allows the named resolution mechanism to be specified
     
148. # the default order is "host lmhosts wins bcast". "host" means use the unix
     
149. # system gethostbyname() function call that will use either /etc/hosts OR
     
150. # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
     
151. # and the /etc/resolv.conf file. "host" therefore is system configuration
     
152. # dependant. This parameter is most often of use to prevent DNS lookups
     
153. # in order to resolve NetBIOS names to IP Addresses. Use with care!
     
154. # The example below excludes use of name resolution for machines that are NOT
     
155. # on the local network segment
     
156. # - OR - are not deliberately to be known via lmhosts or via WINS.
     
157. name resolve order = wins lmhosts bcast
     
158. 
     
159. # Windows Internet Name Serving Support Section:
     
160. # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
     
161.    wins support = yes
     
162. 
     
163. # WINS Server - Tells the NMBD components of Samba to be a WINS Client
     
164. #       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
     
165. ;   wins server = w.x.y.z
     
166. 
     
167. # WINS Proxy - Tells Samba to answer name resolution queries on
     
168. # behalf of a non WINS capable client, for this to work there must be
     
169. # at least one  WINS Server on the network. The default is NO.
     
170. ;   wins proxy = yes
     
171. 
     
172. # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
     
173. # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
     
174. # this has been changed in version 1.9.18 to no.
     
175.    dns proxy = no
     
176. 
     
177. # Case Preservation can be handy - system default is _no_
     
178. # NOTE: These can be set on a per share basis
     
179. ;  preserve case = no
     
180. ;  short preserve case = no
     
181. # Default case is normally upper case for all DOS files
     
182. ;  default case = lower
     
183. # Be very careful with case sensitivity - it can break things!
     
184. ;  case sensitive = no
     
185. 
     
186. #============================ Share Definitions ==============================
     
187. [homes]
     
188.    comment = Home Directories
     
189. 
     
190.     browseable = no
     
191.     writeable = yes
     
192. 
     
193. # Un-comment the following and create the netlogon directory for Domain Logons
     
194. [netlogon]
     
195.    comment = Network Logon Service
     
196.    path = /icil/home/netlogon
     
197.    guest ok = yes
     
198.    writable = no
     
199.    share modes = no
     
200. 
     
201. 
     
202. # Un-comment the following to provide a specific roving profile share
     
203. # the default is to use the user's home directory
     
204. ;[profiles]
     
205. ;    path = /icil/home/profiles
     
206. ;    browseable = yes
     
207. ;    guest ok = yes
     
208. ;    create mask = 0600
     
209. ;    directory mask = 0700
     
210. 
     
211. [DEPT]
     
212.    comment =  Dept folder
     
213.    path = /icil/dept
     
214.    guest ok = yes
     
215.    writeable = yes
     
216.    create mode = 0666
     
217. 
     
218. [GHOST]
     
219.    comment =  Ghost image folder
     
220.    path = /ghost
     
221.    guest ok = yes
     
222.    writeable = yes
     
223.    create mode = 0666
     

復(fù)制代碼

Samba其他功能

1， Smbclient使用PC共享資源
smbclient '\\'${host}'\C$' -Uuser%"password" –W domain
操作方式類似FTP。具體操作方式略。

2，smbprint使用共享打印機(jī)（略）

Samba FAQ(略)
請查閱samba.org或Google以解決問題。

請參考以下站點來解決更深層次的問題：
http://www.samba.org[/code]