Samba Server Configuration

Date: 2021-09-21 00:16:28

1. Issue: Server requested plaintext password but 'client plaintext auth' is disabled
  session setup failed: SUCCESS - 0
I tried 'smbclient -s foo.conf //server/dir' where foo.conf has:
[global]
      client plaintext auth = yes
But the results are the same.

You have to set 'client lanman auth = yes'. Otherwise,
'client plaintext auth' is forced off.

2. Issue: Can Samba “security = user” be used for guest share without Windows login prompt?
http://serverfault.com/questions/211128/can-samba-security-user-be-used-for-guest-share-without-windows-login-prompt

3. Ports and protocols used by the Samba service:
* Port 137 (UDP) - NetBIOS name service and nmbd
* Port 138 (UDP) - NetBIOS datagram service
* Port 139 (TCP) - File and printer sharing and smbd
* Port 389 (TCP) - for LDAP (Active Directory Mode)
* Port 445 (TCP) - NetBIOS was moved to 445 from 2000 onward (CIFS)
* Port 901 (TCP) - for SWAT

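* Samba is a network file-sharing protocol that lets machines running different operating systems and platforms access files over the network with access control.
* In particular, it lets Windows systems access files on Unix systems. The Samba service normally listens on two ports: 139/TCP and 445/TCP.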

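4. Configuring the Samba server:
Useful reference documentation: man samba / man smbd / man smb.conf
Main configuration files: /etc/samba/smb.conf  /etc/pam.d/samba
Client test tools: browsing computers in Windows Network Neighborhood / smbclient on Linux
Main log files for checking the state of the service while configuring it:
* Samba process logs: /var/log/samba/* (smbd.log / IP.log)
* System authentication log: /var/log/auth.log
* System log: /var/log/syslog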

5. Some important smb.conf options:

[global]
   workgroup = WORKGROUP
   netbios name = Samab-Server
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

   # security = user is also commonly used
   security = share
   guest ok = yes
   # Password encryption. If set to no, Windows clients cannot access the share normally
   # (the registry must be changed first, because Windows clients encrypt passwords by default).
   encrypt passwords = yes

   # Client-side options (used by smbclient): allow LANMAN and plaintext authentication
   client lanman auth = yes
   client plaintext auth = yes

[pub]
   comment = Users profiles
   path = /ftp/pub
   browseable = yes
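
About encrypt passwords = yes: when it is set to yes, PAM authorization controls are ignored entirely (because PAM cannot process encrypted authentication). When it is set to no, Windows systems cannot access the share by default, and running net use Z: \\samba-server\pub in CMD fails with Error 1240 unless the EnablePlainTextPassword registry value is changed. See the Microsoft support site: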
http://support.microsoft.com/kb/224287
http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2536276-windows-xp-pc-get-system-error-58-when/d9dbdde5-2666-4423-b47c-fbdb80b995d9

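6. For compatibility with Windows, setting encrypt passwords = yes seems to be required. But I also want to authenticate users through PAM:
Configuration:
   security = user
   encrypt passwords = yes
   obey pam restrictions = yes
Testing showed that PAM-based user authentication can be enabled for the Samba service this way.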
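
An added example, not from the original notes: a small Python check that reads an smb.conf using the file's own comment rule ('#' or ';' only at the start of a line) and reports the authentication-weakening values discussed in sections 5 and 6. The function names, reason strings and sample configuration are constructed for illustration; line continuations and include directives are not handled.

```python
import re

# Values from this page that weaken authentication; reason strings are this example's own.
WEAK = {
    ("security", "share"): "share-level security, no per-user login",
    ("encrypt passwords", "no"): "server negotiates plaintext passwords",
    ("client lanman auth", "yes"): "client tools may send the LANMAN hash",
    ("client plaintext auth", "yes"): "client tools may send plaintext passwords",
    ("guest ok", "yes"): "no password needed to connect",
}
BOOL = {"true": "yes", "1": "yes", "false": "no", "0": "no"}

def parse(text):
    """Yield (line_no, section, key, value); '#' and ';' are comments only at line start."""
    section = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield n, section, " ".join(key.lower().split()), value.strip()

def audit(text):
    """Return (line_no, section, key, reason) for each weak or broken setting."""
    findings = []
    for n, section, key, value in parse(text):
        if re.search(r"\s[#;]", value):
            findings.append((n, section, key, "trailing comment becomes part of the value"))
            continue
        v = BOOL.get(value.lower(), value.lower())
        if (key, v) in WEAK:
            findings.append((n, section, key, WEAK[(key, v)]))
    return findings

# Constructed sample, modelled on the configuration in section 5.
SAMPLE = """\
[global]
   security = share    # inline note
   encrypt passwords = No
   client lanman auth = yes
[pub]
   guest ok = True
"""

if __name__ == "__main__":
    print("\n".join("line %d [%s] %s: %s" % f for f in audit(SAMPLE)))
```

Running testparm on the real file afterwards shows how Samba itself interprets each value.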

7. Using SSH to make remote MySQL access more secure
http://www.j-cn.org/post/754.html
http://ig2net.info/archives/788.html