Difference between revisions of "Configure SMB"

From Organic Design wiki
(directory mask)
(Change source-code blocks to standard format)
Line 6: Line 6:
  
 
Here's an example of our samba configuration format for the '''/etc/samba/smb.conf''' file:
 
Here's an example of our samba configuration format for the '''/etc/samba/smb.conf''' file:
{{code|<pre>
+
<source>
 
[global]
 
[global]
 
workgroup = Foo
 
workgroup = Foo
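Review bot: The opening <source> tag added just before [global] carries no lang attribute, so nothing tells the wiki what syntax the block holds. Consider <source lang="ini"> so the smb.conf sample is highlighted as configuration, and confirm that the old {{code|<pre> opener is removed in the same edit rather than left alongside the new tag.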
Line 27: Line 27:
 
comment = Our staff files
 
comment = Our staff files
 
valid users = henry alan tabatha
 
valid users = henry alan tabatha
 
+
</source>
</pre>}}
 
 
*'''password level = 3''' means account ''foo'', ''Foo'' and ''FOO'' are all equivalent user names
 
*'''password level = 3''' means account ''foo'', ''Foo'' and ''FOO'' are all equivalent user names
 
*'''log level = 4''' can be used to debug authentication and other problems, also directing at a single log file can help (instead of one per user)
 
*'''log level = 4''' can be used to debug authentication and other problems, also directing at a single log file can help (instead of one per user)

Revision as of 18:11, 22 May 2015

Configure SMB
Organic Design procedure

Here's an example of our samba configuration format for the /etc/samba/smb.conf file:

[global]
	workgroup = Foo
	server string = Foo server
	wins support = yes

	security = user
	encrypt passwords = yes
	password level = 3
	passdb backend = tdbsam

	invalid users = root daemon bin sys mail sshd bind www-data
	browseable = yes
	writable = yes
	create mask = 0777
	directory mask = 0777

[staff]
	path = /shared/staff
	comment = Our staff files
	valid users = henry alan tabatha

  • password level = 3 means account foo, Foo and FOO are all equivalent user names
  • log level = 4 can be used to debug authentication and other problems; directing the output to a single log file (instead of one per user) can also help
  • passdb backend = tdbsam means use the basic password backend instead of the older smbpasswd format or scalable ldapsam
  • Note: whatever password backend is used, smbpasswd needs to be run for each user before they can begin accessing shares
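
As an added example (not part of the Organic Design procedure), the following Python check parses a file in the format shown above and reports permission settings worth reviewing before a share goes live. The [scratch] share, the function names and the finding texts are assumptions made for illustration.

```python
import re

# Constructed sample in the page's format; [scratch] is a hypothetical share.
SAMPLE = """
[global]
    invalid users = root daemon bin
    writable = yes
    create mask = 0777
    directory mask = 0777
[staff]
    path = /shared/staff
    valid users = henry alan tabatha
[scratch]
    path = /shared/scratch
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names; comments skipped."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return (section, finding) pairs for settings worth a second look."""
    conf = parse_smb_conf(text)
    defaults = conf.get("global", {})
    findings = []
    for name, params in conf.items():
        for mask in ("create mask", "directory mask"):
            # Octal mode; bit 0o002 is write permission for "other".
            if mask in params and int(params[mask], 8) & 0o002:
                findings.append((name, f"{mask} keeps the world-write bit"))
        if name == "global":
            continue
        effective = {**defaults, **params}  # [global] values are share defaults
        # Only the 'writable' spelling used on the page is checked here.
        writable = effective.get("writable", "no").lower() == "yes"
        if writable and not effective.get("valid users"):
            findings.append((name, "writable with no valid users list"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

A share that inherits writable = yes from [global] and sets no valid users list is open to every account Samba will authenticate, which is why [staff] passes and the constructed [scratch] share is reported.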

Account synchronisation

The main issue with the initial configuration of Samba on the LAN server concerns the users and groups. What is the origin of the user/group information, and how does Samba synchronise to it or use it to authenticate? Since all our servers run a wiki, we decided to make the wiki the source of the user, password and group information. To do this we instruct the local wiki daemon to set the unix and samba passwords whenever one is changed in the wiki. All this requires is to install the EventPipe extension on the server's administration wiki and ensure that it has a wiki daemon configured and running.

  • Later we need to only synchronise accounts that are in a particular wiki group
  • Later we should also allow the shares to be created and configured through FS records
