Samba

par **marlone41** » 11 Nov 2003 01:19

Bonjour a tous je suis en train de mettre mon réseau en place et je me prend la tete grave sur mon serveur samba d un cote j ai une mandrake 9.1 ave samba 2.2 de l autre winxp pro est ce que quelq un a une doc mais qui soit vraiment simple j ai testé de mon coté je créer bien mes repertoires de partage et je vois bien mon poste linus dans le voisinage reseau mais quand je clique dessus il me dit de contacter l admin du serveur je ne comprends alors vraiment a l adide!!! Merci d avance et bon courage BIG <IMG SRC="images/smiles/icon_up.gif">

par **frenk** » 11 Nov 2003 01:26

tape en console man samba <IMG SRC="images/smiles/icon_eek.gif">

par **swapfiles** » 11 Nov 2003 01:28

et profites en pour nous envoyer ton smb.conf pour voir si on peut t'aider.

par **marlone41** » 11 Nov 2003 01:33

voici mon smb.conf # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # #======================= Global Settings ===================================== [global] # 1. Server Naming Options: # workgroup = NT-Domain-Name or Workgroup-Name workgroup = serveur # netbios name is the name you will see in "Network Neighbourhood", # but defaults to your hostname netbios name = serveurlinux # server string is the equivalent of the NT Description field server string = Samba Server %v # Message command is run by samba when a "popup" message is sent to it. # The example below is for use with LinPopUp: ; message command = /usr/bin/linpopup "%f" "%m" %s; rm %s # 2. Printing Options: # CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK # (as cups is now used in linux-mandrake 7.2 by default) # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = cups load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx, cups printing = cups # Samba 2.2 supports the Windows NT-style point-and-print feature. To # use this, you need to be able to upload print drivers to the samba # server. The printer admins (or root) may install drivers onto samba. # Note that this feature uses the print$ share, so you will need to # enable it below. # This parameter works like domain admin group: # printer admin = @<group> <user> printer admin = @adm # This should work well for winbind: ; printer admin = @"Domain Admins" # 3. Logging Options: # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 # Set the log (verbosity) level (0 <= log level <= 10) ; log level = 3 # 4. Security and Domain Membership Options: # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page. Do not enable this if (tcp/ip) name resolution does # not work for all the hosts in your network. ; hosts allow = 192.168.1. 192.168.2. 127. # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # Allow users to map to guest: map to guest = bad user # Security mode. Most people will want user level security. See # security_level.txt for details. security = share # Use password server option only with security = server or security = domain # When using security = domain, you should use password server = * ; password server = <NT-Server-Name> ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents # Encrypted passwords are required for any use of samba in a Windows NT domain # The smbpasswd file is only required by a server doing authentication, thus # members of a domain do not need one. encrypt passwords = no smb passwd file = /etc/samba/smbpasswd # The following are needed to allow password changing from Windows to # also update the Linux system password. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. ; unix password sync = Yes # You either need to setup a passwd program and passwd chat, or # enable pam password change ; pam password change = yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn ;*passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba/smb.conf.%m # Options for using winbind. Winbind allows you to do all account and # authentication from a Windows or samba domain controller, creating # accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's # and gid's. winbind uid and winbind gid are the only required parameters. # # winbind uid is the range of uid's winbind can use when mapping RIDs to uid's ; winbind uid = 10000-20000 # # winbind gid is the range of uid's winbind can use when mapping RIDs to gid's ; winbind gid = 10000-20000 # # winbind separator is the character a user must use between their domain # name and username, defaults to "" ; winbind separator = + # # winbind use default domain allows you to have winbind return usernames # in the form user instead of DOMAIN+user for the domain listed in the # workgroup parameter. ; winbind use default domain = yes # # template homedir determines the home directory for winbind users, with # %D expanding to their domain name and %U expanding to their username: ; template homedir = /home/%D/%U # When using winbind, you may want to have samba create home directories # on the fly for authenticated users. Ensure that /etc/pam.d/samba is # using 'service=system-auth-winbind' in pam_stack modules, and then # enable obedience of pam restrictions below: ; obey pam restrictions = yes # # template shell determines the shell users authenticated by winbind get ; template shell = /bin/bash # 5. Browser Control and Networking Options: # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job ; domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; preferred master = yes # 6. Domain Control Options: # Enable this if you want Samba to be a domain logon server for # Windows95 workstations or Primary Domain Controller for WinNT and Win2k ; domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roaming profiles for WinNT and Win2k # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = %LProfiles%U # Where to store roaming profiles for Win9x. Be careful with this as it also # impacts where Win2k finds it's /HOME share ; logon home = %L%U.profile # The add user script is used by a domain member to add local user accounts # that have been authenticated by the domain controller, or by the domain # controller to add local machine accounts when adding machines to the domain. # The script must work from the command line when replacing the macros, # or the operation will fail. Check that groups exist if forcing a group. # Script for domain controller for adding machines: ; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u # Script for domain controller with LDAP backend for adding machines (please # configure in /etc/samba/smbldap_conf.pm first): ; add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u # Script for domain member for adding local accounts for authenticated users: ; add user script = /usr/sbin/useradd -s /bin/false %u # Domain groups: # domain admin group is a list of unix users or groups who are made members # of the Domain Admin group ; domain admin group = root @adm # # domain guest groups is a list of unix users or groups who are made members # of the Domain Guests group ; domain guest group = nobody @guest # LDAP configuration for Domain Controlling: # The account (dn) that samba uses to access the LDAP server # This account needs to have write access to the LDAP tree # You will need to give samba the password for this dn, by # running 'smbpasswd -w mypassword' ; ldap admin dn = cn=root,dc=mydomain,dc=com ; ldap ssl = start_tls # start_tls should run on 389, but samba defaults incorrectly to 636 ; ldap port = 389 ; ldap suffix = dc=mydomain,dc=com ; ldap server = ldap.mydomain.com # 7. Name Resolution Options: # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # 8. File Naming Options: # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no # Enabling internationalization: # you can match a Windows code page with a UNIX character set. # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European), # 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian), # 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul), # 950 (Trad. Chin.). # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.), # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.) # This is an example for french users: ; client code page = 850 ; character set = ISO8859-1 #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = yes writable = yes # You can enable VFS recycle bin on a per share basis: # Uncomment the next 2 lines (make sure you create a # .recycle folder in the base of the share and ensure # all users will have write access to it. See # examples/VFS/recycle/REAME in samba-doc for details ; vfs object = /usr/lib/samba/vfs/recycle.so ; vfs options= /etc/samba/recycle.conf # You may want to prevent abuse of your server disk space, and spread of virii ; veto files = /*.eml/*.nws/*.dll/*.mp3/*.MP3/*.mpg/*.MPG/*.vbs/*.VBS/ # Un-comment the following and create the netlogon directory for Domain Logons ; [netlogon] ; comment = Network Logon Service ; path = /var/lib/samba/netlogon ; guest ok = yes ; writable = no #Uncomment the following 2 lines if you would like your login scripts to #be created dynamically by ntlogon (check that you have it in the correct #location (the default of the ntlogon rpm available in contribs) ;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon/ ;root postexec = rm -f /var/lib/samba/netlogon/%U.bat # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /var/lib/samba/profiles ; browseable = no ; guest ok = yes ; writable = yes # This script can be enabled to create profile directories on the fly # You may want to turn off guest acces if you enable this, as it # hasn't been thoroughly tested. ; root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; ; then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi # NOTE: If you have a CUPS print system there is no need to # specifically define each individual printer. # You must configure the samba printers with the appropriate Windows # drivers on your Windows clients. On the Samba server no filtering is # done. If you wish that the server provides the driver and the clients # send PostScript ("Generic PostScript Printer" under Windows), you have # to swap the 'print command' line below with the commented one. [printers] comment = All Printers path = /var/spool/samba browseable = no # to allow user 'guest account' to print. guest ok = yes writable = no printable = yes create mode = 0700 # ===================================== # print command: see above for details. # ===================================== print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. ; print command = lpr-cups -P %p %s -r # using cups own drivers (use generic PostScript on clients). # The following two commands are the samba defaults for printing=cups # change them only if you need different options: ; lpq command = lpq -P %p ; lprm command = cancel %p-%j # This share is used for Windows NT-style point-and-print support. # To be able to install drivers, you need to be either root, or listed # in the printer admin parameter above. Note that you also need write access # to the directory and share definition to be able to upload the drivers. # For more information on this, please see the Printing Support Section of # /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf [print$] path = /var/lib/samba/printers browseable = yes read only = yes write list = @adm root guest ok = yes # A useful application of samba is to make a PDF-generation service # To streamline this, install windows postscript drivers (preferably colour) # on the samba server, so that clients can automatically install them. [pdf-generator] path = /var/tmp guest ok = No printable = Yes comment = PDF Generator (only valid users) #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP doc_name & print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" & # This one is useful for people to share files [tmp] comment = Temporary file space path = /tmp read only = no public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group [public] comment = Public Stuff path = /home/samba/public public = yes writable = no write list = @staff # Audited directory through experimental VFS audit.so module: # Uncomment next line. ; vfs object = /usr/lib/samba/vfs/audit.so # Other examples. # # A private printer, usable only by Fred. Spool data will be placed in Fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. [joe] comment = Fred's Printer valid users = joe path = /home/joe printer = joe_printer public = no writable = no printable = yes # A private directory, usable only by Fred. Note that Fred requires write # access to the directory. [joe] comment = joe's Service path = /home/joe/Documents/photo valid users = Mic2 public = no writable = yes printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %u option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. [public] path = /usr/somewhere/else/public public = yes only guest = yes writable = yes printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. [myshare] writeable = yes printable = no path = /home/joe/Documents/ create mask = 0765 comment = joe sert toi valid users = joe <IMG SRC="images/smiles/icon_smile.gif">

par **swapfiles** » 11 Nov 2003 01:42

C'est un peu bizarre ta config tu veux faire en sorte que ton linux fasse pdc mais tu met la security à share. Bon ça passe encore. Mais alors as-tu fais correspondre tes users windows avec tes users Linux????

par **frenk** » 11 Nov 2003 01:43

essaye : "hosts allow = 192.168.1.0/255.255.255.0, 192.168.2.0/255.255.255.0, 127.0.0.1" <IMG SRC="images/smiles/icon_confused.gif">

par **frenk** » 11 Nov 2003 01:49

quand je lis plus bas je vois interfaces = 192.168.12.2/24 192.168.13.2/24 si on considere que t'es machine sont sur le méme lan sa colle pas avec t'on host allow

par **marlone41** » 11 Nov 2003 01:53

eh bien on avance et c clair tu avais raison pour ce coup la par contre il apparait bien mais j ai toujours pas la posibilité de rentrer par contre comme tu me le demandais non je n ai pas paramétrer mes uses win avec linux peu tu m aider stp merci d avance Big <IMG SRC="images/smiles/icon_up.gif"> a toi!

par **grosbedos** » 11 Nov 2003 02:21

salu, est ce que tu as bien un user nobody qui existe dans /etc/passwd ? a-t-il les droits sur au moins un des rep partagé accessible "publiquement" ?? _________________ Pour retrouver une aiguille dans une botte de foin, il suffit d'y mettre le feu puis de fouiller les cendres avec un aimant. Bernard Werber

par **marlone41** » 11 Nov 2003 02:23

c a dire comment faut t il que je l interprete en texte dans ce fichier stp <IMG SRC="images/smiles/icon_bise.gif">

par **grosbedos** » 11 Nov 2003 02:32

ben en fait verifie si tu as une ligne nobody dans /etc/passwd apres si tu veux voir si le mot de passe est a blanc...ca depend du system d'authentification que t'utilises... si tu veux voir les permissions de tes reps partagé..fait seulement un ls -l et verifie si nobody y a acces !

par **Jacques-** » 11 Nov 2003 21:34

La ligne "encrypt password" est à NON. WinXP, Win2K et NT4 utilisent toujours les mots de passe cryptés pour ouvrir un partage ou une session. Donc, vérifier dans le man smb.conf que je ne dis pas de $%#&! sur la valeur du paramètre (je ne crois pas, mais on ne sait jamais) et modifier, faire samba restart et tester. Normalement, ça démarre très bien avec le fichier de conf par défaut de la MDK 9.1, j'ai fait l'essai il y a quelques temps déjà. Juste penser à modifier aussi le codage des caractères pour afficher correctement les accents dans les noms de fichiers et de partage. Bon courage, bonne lecture aussi Jacques

par **marlone41** » 11 Nov 2003 22:13

Ca fonctionne!!! mais en fin de compte messieurs il s'avère que shorewall se lance des que je lance mon partage de connexion internet (module qui doit se lancé automatiquement ). apres ca je reteste , coupure ; j autorise alors toute ouverture de port sur ce meme firewall et le partage se coupe ,je deviens chèvre . j ai regardé la config a réglé et a par les ports tcp udp 138 et 139 je ne vois pas ce que je peux ouvrir d'autre a part ceux haibituellement ouvert? je v continuer a regardé et si quelqu un a une idée , merci d'avance BIG <IMG SRC="images/smiles/icon_up.gif">

par **kboche** » 11 Nov 2003 22:19

Concernant ton sm.conf, je fais un peu de ménage car trop de commentaires... enfin à mon goût car pour rappel # et ; marquent des commentaires... <IMG SRC="images/smiles/icon_up.gif"> # #======================= Global Settings [global] # 1. Server Naming Options: workgroup = serveur netbios name = serveurlinux server string = Samba Server %v # 2. Printing Options: printcap name = cups load printers = yes printing = cups printer admin = @adm # 3. Logging Options: log file = /var/log/samba/log.%m max log size = 50 # 4. Security and Domain Membership Options: map to guest = bad user security = share #Besoin d'un guest account <IMG SRC="images/smiles/icon_smile.gif"> encrypt passwords = yes # les mots de passe passent cryptés C mieux <IMG SRC="images/smiles/icon_find.gif"> smb passwd file = /etc/samba/smbpasswd # 5. Browser Control and Networking Options: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ; local master = no ; os level = 33 ; domain master = yes # ce n'est donc pas un DC ; preferred master = yes # 6. Domain Control Options: ; domain logons = yes ; logon script = %m.bat ; logon script = %U.bat # Donc pas de script de démarrage... <IMG SRC="images/smiles/icon_find.gif"> # 7. Name Resolution Options: ; name resolve order = wins lmhosts bcast ; wins support = yes ; wins proxy = yes dns proxy = no # Pas de proxy DNS #===================== Share Definitions Je passe là dessus... <IMG SRC="images/smiles/icon_razz.gif"> Deux liens pour finir et trouver du bonheur Samba en barre : <a href="http://www.docmaster.org/articles/linux028.htm" target="_blank">http://www.docmaster.org/articles/linux028.htm</a> <a href="http://samba.linuxbe.org/fr/samba/" target="_blank">http://samba.linuxbe.org/fr/samba/</a> <IMG SRC="images/smiles/icon_up.gif">

par **beemoon** » 20 Nov 2003 18:54

bon je n'ai vu nul part que t'as fais un adduser de ta machine XP$!!! sans ça le PDC ne fonctionne pas et envoi le message que t'as. T'as lu l'aide de Samba concernant le PDC avec WindowsNT (2000 et XP)? Tout y est. C'est bien un PDC que tu veux faire? Confirme et dès que j'ai fini mon site je t'envoi le lien, j'ai fais un tuto PDC Samba avec Linux et Windows NT en client.

Samba

Qui est en ligne ?