Samba 4.10.6

Contents

環境

 

 

サーバの構築

 

OS設定

 

SELinuxの無効化


SELinuxを無効化しないと共有にアクセスはできるが書き込みができない

sed "s/SELINUX=enforcing/SELINUX=disabled/" -i /etc/selinux/config
reboot

 

ネットワーク

 

firewalld

 

Samba


udp/137、udp/138、tcp/139、tcp/445を開ける
※CentOS7.2以前のCentOS7場合はfirewalldのバージョン場古く、下記を実行できない。アップデートすること。

yum update firewalld -y

 

  1. ルールが定義されていることを確認
    firewall-cmd --permanent --info-service=samba
  2. 現在ルールが適用されていないことを確認する
    firewall-cmd --zone=public --list-services --permanent | sed -e "s/ /\n/g" | grep samba
  3. ルールを適用する
    firewall-cmd --zone=public --add-service=samba --permanent
  4. ルールが適用されていることを確認する
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep samba
  5. 設定を再読み込みして反映させる
    firewall-cmd --reload

 

Sambaの構築

 

インストール

 

ソースコードからインストール

 

 

  1. rootになる
    su -
  2. ソースコードを取得する
    1. ダウンロードサイト:https://www.samba.org/samba/download/からアーカイブのURLを取得する
      ※右側「Releases」に記載
    2. ダウンロードする
      curl -O -s https://download.samba.org/pub/samba/stable/samba-4.10.6.tar.gz
    3. アーカイブファイルを展開する
      tar xzfv samba-*.tar.gz
    4. ソースコードディレクトリへ移動する
      cd samba-*
  3. コンパイル、インストールを行う
    1. 関連パッケージをインストールする
      • 参考
        yum install attr bind-utils docbook-style-xsl gcc gdb krb5-workstation \
      libsemanage-python libxslt perl perl-ExtUtils-MakeMaker \
      perl-Parse-Yapp perl-Test-Base pkgconfig policycoreutils-python \
      python2-crypto gnutls-devel libattr-devel keyutils-libs-devel \
      libacl-devel libaio-devel libblkid-devel libxml2-devel openldap-devel \
      pam-devel popt-devel python-devel readline-devel zlib-devel systemd-devel \
      lmdb-devel jansson-devel gpgme-devel pygpgme libarchive-devel python36 python36-devel -y
    2. コンパイル最適化設定を行う
      export CFLAGS="-O3 -m64"
    3. Makefileを生成する
      ※without-ad-dcオプションによりWindows AD DC機能を無効化する
      ./configure --prefix=/usr/local/`pwd | sed "s/.*\///"` \
    --oldincludedir=/usr/local/`pwd | sed "s/.*\///"`/include \
    --without-ad-dc \
    2>&1 | tee configure.log.`date +"%Y%m%d"`
      • オプション一覧

        [root@samba samba-4.10.6]# ./configure --help
waf [commands] [options]

        Main commands (example: ./waf build -j4)
          build       : build all targets
          clean       : cleans the project
          configure   : configures the project
          ctags       : build 'tags' file using ctags
          dist        : makes a tarball for distribution
          distcheck   : test that distribution tarball builds and installs
          distclean   : removes build folders and data
          etags       : build TAGS file using etags
          install     : installs the targets on the system
          list        : lists the targets to execute
          pep8        : run pep8 validator
          pydoctor    : build python apidocs
          reconfigure : reconfigure if config scripts have changed
          step        : executes tasks in a step-by-step fashion, for debugging
          test        : Run the test suite (see test options below)
          testonly    : run tests without doing a build first
          uninstall   : removes the targets installed
          wafdocs     : build wafsamba apidocs
          wildcard_cmd: called on a unknown command

        Options:
          --version
                    show program's version number and exit
          -c COLORS, --color=COLORS
                    whether to use colors (yes/no/auto) [default: auto]
          -j JOBS, --jobs=JOBS
                    amount of parallel jobs (1)
          -k, --keep
                    continue despite errors (-kk to try harder)
          -v, --verbose
                    verbosity level -v -vv or -vvv [default: 0]
          --zones=ZONES
                    debugging zones (task_gen, deps, tasks, etc)
          -h, --help
                    show this help message and exit
          --with-libiconv=ICONV_OPEN
                    additional directory to search for libiconv
          --without-gettext
                    Disable use of gettext
          --disable-python
                    do not generate python modules
          --extra-python=PYTHON
                    build selected libraries for the specified additional version of Python (example: --extra-python=/usr/bin/python3)
          --disable-tdb-mutex-locking
                    Disable the use of pthread robust mutexes
          --without-ldb-lmdb
                    disable new LMDB backend for LDB
          --enable-selftest
                    enable options necessary for selftest (default=no)
          --enable-coverage
                    enable options necessary for code coverage reporting on selftest (default=no)
          --with-selftest-prefix=SELFTEST_PREFIX
                    specify location of selftest directory (default=./st)
          --enable-gnutls
                    Enable use of gnutls
          --with-gpgme
                    Build with gpgme support (default=auto). This requires gpgme devel and python packages (e.g. libgpgme11-dev, python-gpgme on debian/ubuntu).
          --with-static-modules=STATIC_MODULES
                    Comma-separated list of names of modules to statically link in. May include !module to disable 'module'. Can be '!FORCED' to disable all non-required
                    static only modules. Can be '!DEFAULT' to disable all modules defaulting to a static build. Can be 'ALL' to build all default shared modules static. The
                    most specific one wins, while the order is ignored and --with-static-modules is evaluated before --with-shared-modules
          --with-shared-modules=SHARED_MODULES
                    Comma-separated list of names of modules to build shared. May include !module to disable 'module'. Can be '!FORCED' to disable all non-required shared
                    only modules. Can be '!DEFAULT' to disable all modules defaulting to a shared build. Can be 'ALL' to build all default static modules shared. The most
                    specific one wins, while the order is ignored and --with-static-modules is evaluated before --with-shared-modules
          --with-winbind
                    Build with winbind support (default=yes)
          --with-ads
                    Build with ads support (default=yes)
          --with-ldap
                    Build with ldap support (default=yes)
          --enable-cups
                    Build with cups support (default=yes)
          --enable-iprint
                    Build with iprint support (default=yes)
          --with-pam
                    Build with pam support (default=yes)
          --with-quotas
                    Build with quotas support (default=yes)
          --with-sendfile-support
                    Build with sendfile-support support (default=auto)
          --with-utmp
                    Build with utmp support (default=yes)
          --enable-avahi
                    Build with avahi support (default=yes)
          --with-iconv
                    Build with iconv support (default=yes)
          --with-acl-support
                    Build with acl-support support (default=yes)
          --with-dnsupdate
                    Build with dnsupdate support (default=yes)
          --with-syslog
                    Build with syslog support (default=yes)
          --with-automount
                    Build with automount support (default=yes)
          --with-dmapi
                    Build with dmapi support (default=auto)
          --with-fam
                    Build with fam support (default=auto)
          --with-profiling-data
                    Build with profiling-data support (default=no)
          --with-libarchive
                    Build with libarchive support (default=yes)
          --with-cluster-support
                    Build with cluster-support support (default=no)
          --with-regedit
                    Build with regedit support (default=auto)
          --with-fake-kaserver
                    Include AFS fake-kaserver support
          --enable-glusterfs
                    Build with glusterfs support (default=yes)
          --enable-cephfs
                    Build with cephfs support (default=yes)
          --enable-vxfs
                    enable support for VxFS (default=no)
          --enable-spotlight
                    Build with spotlight support (default=no)
          --disable-fault-handling
                    disable the fault handlers
          --with-systemd
                    Enable systemd integration
          --without-systemd
                    Disable systemd integration
          --with-lttng
                    Enable lttng integration
          --without-lttng
                    Disable lttng integration
          --with-gpfs=GPFS_HEADERS_DIR
                    Directory under which gpfs headers are installed
          --accel-aes=ACCEL_AES
                    Should we use accelerated AES crypto functions. Options are intelaesni|none.
          --enable-infiniband
                    Turn on infiniband support (default=no)
          --enable-pmda
                    Turn on PCP pmda support (default=no)
          --enable-etcd-reclock
                    Enable etcd recovery lock helper (default=no)
          --with-libcephfs=LIBCEPHFS_DIR
                    Directory under which libcephfs is installed
          --enable-ceph-reclock
                    Enable Ceph CTDB recovery lock helper (default=no)
          --with-logdir=CTDB_LOGDIR
                    Path to log directory
          --with-socketpath=CTDB_SOCKPATH
                    path to CTDB daemon socket
          --enable-pthreadpool
                    Build with pthreadpool support (default=yes)
          --with-system-mitkrb5
                    build Samba with system MIT Kerberos. You may specify list of paths where Kerberos is installed (e.g. /usr/local /usr/kerberos) to search krb5-config
          --with-experimental-mit-ad-dc
                    Enable the experimental MIT Kerberos-backed AD DC.  Note that security patches are not issued for this configuration
          --with-system-mitkdc=WITH_SYSTEM_MITKDC
                    Specify the path to the krb5kdc binary from MIT Kerberos
          --with-system-heimdalkrb5
                    conflicts with --with-system-mitkrb5
          --without-ad-dc
                    disable AD DC functionality (enables only Samba FS (File Server, Winbind, NMBD) and client utilities.
          --with-ntvfs-fileserver
                    enable the deprecated NTVFS file server from the original Samba4 branch (default if --enable-selftest specified).  Conflicts with --with-system-mitkrb5
                    and --without-ad-dc
          --without-ntvfs-fileserver
                    disable the deprecated NTVFS file server from the original Samba4 branch
          --with-pie
                    Build Position Independent Executables (default if supported by compiler)
          --without-pie
                    Disable Position Independent Executable builds
          --with-relro
                    Build with full RELocation Read-Only (RELRO)(default if supported by compiler)
          --without-relro
                    Disable RELRO builds
          --with-json
                    Build with JSON support (default=True). This requires the jansson development headers.
          --without-json
                    Build without JSON support.

          Configuration options:
            -o OUT, --out=OUT
                    build dir for the project
            -t TOP, --top=TOP
                    src dir for the project
            --check-c-compiler=CHECK_C_COMPILER
                    list of C compilers to try [gcc clang icc generic_cc]

          Build and installation options:
            -p, --progress
                    -p: progress bar; -pp: ide output
            --targets=TARGETS
                    task generators, e.g. "target1,target2"

          Step options:
            --files=FILES
                    files to process, by regexp, e.g. "*/main.c,*/test/main.o"

          Installation and uninstallation options:
            -f, --force
                    force file installation
            --distcheck-args=ARGS
                    arguments to pass to distcheck

          Installation prefix:
            By default, "waf install" will put the files in "/usr/local/bin", "/usr/local/lib" etc. An installation prefix other than "/usr/local" can be given using "--
            prefix", for example "--prefix=$HOME"

            --prefix=PREFIX
                    installation prefix [default: '/usr/local/samba']
            --destdir=DESTDIR
                    installation root [default: '']
            --exec-prefix=EXEC_PREFIX
                    installation prefix for binaries [PREFIX]

          Installation directories:
            --bindir=BINDIR
                    user commands [EXEC_PREFIX/bin]
            --sbindir=SBINDIR
                    system binaries [EXEC_PREFIX/sbin]
            --libexecdir=LIBEXECDIR
                    program-specific binaries [EXEC_PREFIX/libexec]
            --sysconfdir=SYSCONFDIR
                    host-specific configuration [PREFIX/etc]
            --sharedstatedir=SHAREDSTATEDIR
                    architecture-independent variable data [PREFIX/com]
            --localstatedir=LOCALSTATEDIR
                    variable data [PREFIX/var]
            --libdir=LIBDIR
                    object code libraries [EXEC_PREFIX/lib64]
            --includedir=INCLUDEDIR
                    header files [PREFIX/include]
            --oldincludedir=OLDINCLUDEDIR
                    header files for non-GCC compilers [/usr/include]
            --datarootdir=DATAROOTDIR
                    architecture-independent data root [PREFIX/share]
            --datadir=DATADIR
                    architecture-independent data [DATAROOTDIR]
            --infodir=INFODIR
                    GNU "info" documentation [DATAROOTDIR/info]
            --localedir=LOCALEDIR
                    locale-dependent data [DATAROOTDIR/locale]
            --mandir=MANDIR
                    manual pages [DATAROOTDIR/man]
            --docdir=DOCDIR
                    documentation root [DATAROOTDIR/doc/PACKAGE]
            --htmldir=HTMLDIR
                    HTML documentation [DOCDIR]
            --dvidir=DVIDIR
                    DVI documentation [DOCDIR]
            --pdfdir=PDFDIR
                    PDF documentation [DOCDIR]
            --psdir=PSDIR
                    PostScript documentation [DOCDIR]

          library handling options:
            --bundled-libraries=BUNDLED_LIBS
                    comma separated list of bundled libraries. May include !LIBNAME to disable bundling a library. Can be 'NONE' or 'ALL' [auto]
            --private-libraries=PRIVATE_LIBS
                    comma separated list of normally public libraries to build instead as private libraries. May include !LIBNAME to disable making a library private. Can be
                    'NONE' or 'ALL' [auto]
            --private-library-extension=PRIVATE_EXTENSION
                    name extension for private libraries [samba4]
            --private-extension-exception=PRIVATE_EXTENSION_EXCEPTION
                    comma separated list of libraries to not apply extension to []
            --builtin-libraries=BUILTIN_LIBRARIES
                    command separated list of libraries to build directly into binaries [NONE]
            --minimum-library-version=MINIMUM_LIBRARY_VERSION
                    list of minimum system library versions (LIBNAME1:version,LIBNAME2:version)
            --disable-rpath
                    Disable use of rpath for build binaries
            --disable-rpath-install
                    Disable use of rpath for library path in installed files
            --disable-rpath-private-install
                    Disable use of rpath for private library path in installed files
            --nonshared-binary=NONSHARED_BINARIES
                    Disable use of shared libs for the listed binaries
            --disable-symbol-versions
                    Disable use of the --version-script linker option

          developer options:
            -C      enable configure cacheing
            --enable-auto-reconfigure
                    enable automatic reconfigure on build
            --enable-debug
                    Turn on debugging symbols
            --enable-developer
                    Turn on developer warnings and debugging
            --picky-developer
                    Treat all warnings as errors (enable -Werror)
            --fatal-errors
                    Stop compilation on first error (enable -Wfatal-errors)
            --enable-gccdeps
                    Enable use of gcc -MD dependency module
            --pedantic
                    Enable even more compiler warnings
            --git-local-changes
                    mark version with + if local git changes
            --address-sanitizer
                    Enable address sanitizer compile and linker flags
            --abi-check
                    Check ABI signatures for libraries
            --abi-check-disable
                    Disable ABI checking (used with --enable-developer)
            --abi-update
                    Update ABI signature files for libraries
            --show-deps=SHOWDEPS
                    Show dependency tree for the given target
            --symbol-check
                    check symbols in object files against project rules
            --dup-symbol-check
                    check for duplicate symbols in object files and system libs (must be configured with --enable-developer)
            --why-needed=WHYNEEDED
                    TARGET:DEPENDENCY check why TARGET needs DEPENDENCY
            --show-duplicates
                    Show objects which are included in multiple binaries or libraries

          cross compilation options:
            --cross-compile
                    configure for cross-compilation
            --cross-execute=CROSS_EXECUTE
                    command prefix to use for cross-execution in configure
            --cross-answers=CROSS_ANSWERS
                    answers to cross-compilation configuration (auto modified)
            --hostcc=HOSTCC
                    set host compiler when cross compiling

          dist options:
            --sign-release
                    sign the release tarball created by waf dist
            --tag=TAG_RELEASE
                    tag release in git at the same time

          Samba-specific directory layout:
            --enable-fhs
                    Use FHS-compliant paths (default no)
                    You should consider using this together with:
                    --prefix=/usr --sysconfdir=/etc --localstatedir=/var
            --with-privatelibdir=PRIVATELIBDIR
                    Which directory to use for private Samba libraries
                    [STD-Default: ${LIBDIR}/private]
                    [FHS-Default: ${LIBDIR}/samba]
            --with-modulesdir=MODULESDIR
                    Which directory to use for Samba modules
                    [STD-Default: ${LIBDIR}]
                    [FHS-Default: ${LIBDIR}/samba]
            --with-pammodulesdir=PAMMODULESDIR
                    Which directory to use for PAM modules
                    [STD-Default: ${LIBDIR}/security]
                    [FHS-Default: ${LIBDIR}/security]
            --with-configdir=CONFIGDIR
                    Where to put configuration files
                    [STD-Default: ${SYSCONFDIR}]
                    [FHS-Default: ${SYSCONFDIR}/samba]
            --with-privatedir=PRIVATE_DIR
                    Where to put sam.ldb and other private files
                    [STD-Default: ${PREFIX}/private]
                    [FHS-Default: ${LOCALSTATEDIR}/lib/samba/private]
            --with-bind-dns-dir=BINDDNS_DIR
                    bind-dns config directory
                    [STD-Default: ${PREFIX}/bind-dns]
                    [FHS-Default: ${LOCALSTATEDIR}/lib/samba/bind-dns]
            --with-lockdir=LOCKDIR
                    Where to put short term disposable state files
                    [STD-Default: ${LOCALSTATEDIR}/lock]
                    [FHS-Default: ${LOCALSTATEDIR}/lock/samba]
            --with-piddir=PIDDIR
                    Where to put pid files
                    [STD-Default: ${LOCALSTATEDIR}/run]
                    [FHS-Default: ${LOCALSTATEDIR}/run/samba]
            --with-statedir=STATEDIR
                    Where to put persistent state files
                    [STD-Default: ${LOCALSTATEDIR}/locks]
                    [FHS-Default: ${LOCALSTATEDIR}/lib/samba]
            --with-cachedir=CACHEDIR
                    Where to put temporary cache files
                    [STD-Default: ${LOCALSTATEDIR}/cache]
                    [FHS-Default: ${LOCALSTATEDIR}/cache/samba]
            --with-logfilebase=LOGFILEBASE
                    Where to put log files
                    [STD-Default: ${LOCALSTATEDIR}]
                    [FHS-Default: ${LOCALSTATEDIR}/log/samba]
            --with-sockets-dir=SOCKET_DIR
                    socket directory
                    [STD-Default: ${LOCALSTATEDIR}/run]
                    [FHS-Default: ${LOCALSTATEDIR}/run/samba]
            --with-privileged-socket-dir=PRIVILEGED_SOCKET_DIR
                    privileged socket directory
                    [STD-Default: ${LOCALSTATEDIR}/lib]
                    [FHS-Default: ${LOCALSTATEDIR}/lib/samba]
            --with-smbpasswd-file=SMB_PASSWD_FILE
                    Where to put the smbpasswd file
                    [STD-Default: ${PRIVATE_DIR}/smbpasswd]
                    [FHS-Default: ${PRIVATE_DIR}/smbpasswd]

          systemd installation options:
            --systemd-install-services
                    install systemd service files to manage daemons (default=no)
            --with-systemddir=SYSTEMDDIR
                    systemd service directory [PREFIX/lib/systemd/system]
            --systemd-smb-extra=Option=Value
                    Extra directives added to the smb service file. Can be given multiple times.
            --systemd-nmb-extra=Option=Value
                    Extra directives added to the nmb service file. Can be used multiple times.
            --systemd-winbind-extra=Option=Value
                    Extra directives added to the winbind service file. Can be used multiple times.
            --systemd-samba-extra=Option=Value
                    Extra directives added to the samba service file. Can be used multiple times.

          Python Options:
            --nopyc
                    Do not install bytecode compiled .pyc files (configuration) [Default:install]
            --nopyo
                    Do not install optimised compiled .pyo files (configuration) [Default:install]
            --nopycache
                    Do not use __pycache__ directory to install objects [Default:auto]
            --python=PYTHON
                    python binary to be used [Default: /usr/bin/python3]
            --pythondir=PYTHONDIR
                    Installation path for python modules (py, platform-independent .py and .pyc files)
            --pythonarchdir=PYTHONARCHDIR
                    Installation path for python extension (pyext, platform-dependent .so or .dylib files)

          test options:
            --load-list=LOAD_LIST
                    Load a test id list from a text file
            --list  List available tests
            --tests=TESTS
                    wildcard pattern of tests to run
            --filtered-subunit
                    output (xfail) filtered subunit
            --quick
                    enable only quick tests
            --slow  enable the really slow tests
            --nb-slowest=NB_SLOWEST
                    Show the n slowest tests (default=10)
            --testenv
                    start a terminal with the test environment setup
            --valgrind
                    use valgrind on client programs in the tests
            --valgrind-log=VALGRINDLOG
                    where to put the valgrind log
            --valgrind-server
                    use valgrind on the server in the tests (opens an xterm)
            --screen
                    run the samba servers in screen sessions
            --gdbtest
                    run the servers within a gdb window
            --fail-immediately
                    stop tests on first failure
            --socket-wrapper-pcap
                    create a pcap file for each failing test
            --socket-wrapper-keep-pcap
                    create a pcap file for all individual test
            --random-order
                    Run testsuites in random order
            --perf-test
                    run performance tests only
            --test-list=TEST_LIST
                    use tests listed here, not defaults (--test-list='FOO|' will execute FOO; --test-list='FOO' will read it)
      • オプション
        • –oldincludedir
          ヘッダファイルなどのインストールパス
    4. コンパイルする
      make 2>&1 | tee make.log.`date +"%Y%m%d"`
    5. インストールを行う。
      make install 2>&1 | tee make_install.log.`date +"%Y%m%d"`
  4. リンク作成、環境変数設定などを行う
    1. インストールディレクトリへのシンボリックリンクを作成する。
      これによって、複数のバージョンを同居させ、リンクを切り替えることで、バージョン変更が可能となる。
      各バージョンの実行ファイルはデフォルトでは各バージョンの設定ファイルを読み込むこととなる。
      rm -f /usr/local/samba
ln -s /usr/local/`pwd | sed "s/.*\///"` /usr/local/samba
    2. 簡単にアクセスできるように環境変数を設定する
      export SAMBA_HOME=/usr/local/samba
    3. ツール類にパスを通す
      export PATH=$SAMBA_HOME/bin:$SAMBA_HOME/sbin:$PATH
    4. パスが通ったことを確認する
      smbd --version
    5. 環境変数を再起動後も有効にする
      echo "" >> /etc/bashrc
echo "# SAMBA ENVIRONMENT VARIABLE" >> /etc/bashrc
echo "export SAMBA_HOME=$SAMBA_HOME" >> /etc/bashrc
echo "export PATH=\$SAMBA_HOME/bin:\$SAMBA_HOME/sbin:\$PATH" >> /etc/bashrc
  5. systemdの設定する
    1. サービスファイルを作成する
      ※1024番以下のポートを使用する場合はパラメータ”User”を使用してroot以外を指定することをしてはならない。
      cat > /etc/systemd/system/smb.service << EOT
[Unit]
Description=Samba SMB Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
After=network.target nmb.service winbind.service

[Service]
Type=notify
NotifyAccess=all
PIDFile=$SAMBA_HOME/var/run/smbd.pid
LimitNOFILE=16384
ExecStart=$SAMBA_HOME/sbin/smbd --foreground --no-process-group
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOT
    2. 必要であれば、ソケットファイルも作成する。
      ソケットファイルはスーパーデーモンを利用する際に使用する。
      Sambaを使用する頻度が低いなら設定しておくと良い。
      cat > /etc/systemd/system/smb.socket << EOT
[Unit]
Description=Samba SMB Daemon activation socket

[Socket]
#samba expects separate IPv4 and IPv6 sockets
BindIPv6Only=ipv6-only
ListenStream=0.0.0.0:139
ListenStream=[::]:139
ListenStream=0.0.0.0:445
ListenStream=[::]:445
KeepAlive=true

[Install]
WantedBy=sockets.target
EOT
    3. サービスを有効化する
      systemctl enable smb
    4. サービスが有効化されていることを確認する
      systemctl list-unit-files --type service --no-pager | grep smb
  6. 設定ファイルを作成する
    サンプルファイルを使用する場合、コピーする
    cp examples/smb.conf.default $SAMBA_HOME/etc/smb.conf
    ※原則初めから自分で作成した方がよい
    ※デフォルトの設定ファイルの内容は下記

    # This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = MYGROUP

# server string is the equivalent of the NT Description field
   server string = Samba Server

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /usr/local/samba/var/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Specifies the Kerberos or Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#      Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = no
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
    自作する場合
    cat > $SAMBA_HOME/etc/smb.conf << EOT
[global]
log file = $SAMBA_HOME/var/log/samba.log
max log size = 50
security = user
EOT
    ログ出力先のディレクトリを作成する。
    mkdir $SAMBA_HOME/var/log
  7. 設定ファイルに誤りがないか確認する
    問題があれば、”Error”が出力される
    testparm -s
  8. 不要なソースコードを削除する
    cd ../
rm -rf samba*
  9. インストールしたディレクトリに移動する
    cd $SAMBA_HOME
  10. Sambaを起動する
    systemctl start smb
  11. 稼働確認
    smbcontrol smbd ping

 

パッケージからインストール

 

  1. インストールされていないことを確認
    yum list installed | grep samba
  2. インストール
    yum install samba samba-client -y
    • 出力例

      [root@samba1 ~]# yum install samba
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.usonyx.net
 * extras: ftp.iij.ad.jp
 * updates: centos.usonyx.net
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.8.3-4.el7 will be installed
--> Processing Dependency: samba-libs = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common-tools = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common-libs = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-client-libs = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libwbclient = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-tdb-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-reg-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent.so.0(TEVENT_0.9.9)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent.so.0(TEVENT_0.9.16)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent-util.so.0(TEVENT_UTIL_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtdb.so.1(TDB_1.2.5)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtdb.so.1(TDB_1.2.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtalloc.so.2(TALLOC_2.0.2)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsys-rw-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsocket-blocking-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-shim-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-base-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbconf.so.0(SMBCONF_0)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmb-transport-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libserver-id-db-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsecrets3-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba3-util-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-sockets-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-security-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-errors.so.1(SAMBA_ERRORS_1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-debug-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-cluster-support-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libreplace-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libpopt-samba3-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr.so.0(NDR_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-standard.so.0(NDR_STANDARD_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-samba-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmsghdr-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmessages-dgm-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: liblibsmb-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgse-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgenrand-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libdbwrap-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcliauth-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-smb-common-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-nbt-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-cldap-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libauth-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libCHARSET3-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-tdb-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-reg-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent-util.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtdb.so.1()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtalloc.so.2()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsys-rw-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsocket-blocking-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-shim-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-base-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbconf.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmb-transport-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libserver-id-db-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsecrets3-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba3-util-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-util.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-sockets-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-security-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-passdb.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-hostconfig.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-errors.so.1()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-debug-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-cluster-support-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libreplace-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libpopt-samba3-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-standard.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-samba-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-nbt.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmsghdr-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmessages-dgm-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: liblibsmb-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgse-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgenrand-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libdbwrap-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcliauth-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-smb-common-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-nbt-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-cldap-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libauth-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libCHARSET3-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Running transaction check
---> Package libtalloc.x86_64 0:2.1.13-1.el7 will be installed
---> Package libtdb.x86_64 0:1.3.15-1.el7 will be installed
---> Package libtevent.x86_64 0:0.9.36-1.el7 will be installed
---> Package libwbclient.x86_64 0:4.8.3-4.el7 will be installed
---> Package samba-client-libs.x86_64 0:4.8.3-4.el7 will be installed
--> Processing Dependency: libldb.so.1(LDB_1.3.0)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_1.1.30)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_1.1.19)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_1.1.1)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.23)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.15)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.10)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1()(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
---> Package samba-common.noarch 0:4.8.3-4.el7 will be installed
---> Package samba-common-libs.x86_64 0:4.8.3-4.el7 will be installed
---> Package samba-common-tools.x86_64 0:4.8.3-4.el7 will be installed
---> Package samba-libs.x86_64 0:4.8.3-4.el7 will be installed
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.9)(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.6)(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.0.6)(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2()(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Running transaction check
---> Package libldb.x86_64 0:1.3.4-1.el7 will be installed
---> Package pytalloc.x86_64 0:2.1.13-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                   Arch          Version              Repository   Size
================================================================================
Installing:
 samba                     x86_64        4.8.3-4.el7          base        680 k
Installing for dependencies:
 libldb                    x86_64        1.3.4-1.el7          base        137 k
 libtalloc                 x86_64        2.1.13-1.el7         base         32 k
 libtdb                    x86_64        1.3.15-1.el7         base         48 k
 libtevent                 x86_64        0.9.36-1.el7         base         36 k
 libwbclient               x86_64        4.8.3-4.el7          base        109 k
 pytalloc                  x86_64        2.1.13-1.el7         base         17 k
 samba-client-libs         x86_64        4.8.3-4.el7          base        4.8 M
 samba-common              noarch        4.8.3-4.el7          base        206 k
 samba-common-libs         x86_64        4.8.3-4.el7          base        164 k
 samba-common-tools        x86_64        4.8.3-4.el7          base        448 k
 samba-libs                x86_64        4.8.3-4.el7          base        276 k

Transaction Summary
================================================================================
Install  1 Package (+11 Dependent packages)

Total size: 6.9 M
Total download size: 6.9 M
Installed size: 24 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/11): libtalloc-2.1.13-1.el7.x86_64.rpm                  |  32 kB   00:00
(2/11): libtevent-0.9.36-1.el7.x86_64.rpm                  |  36 kB   00:00
(3/11): libldb-1.3.4-1.el7.x86_64.rpm                      | 137 kB   00:00
(4/11): pytalloc-2.1.13-1.el7.x86_64.rpm                   |  17 kB   00:00
(5/11): libwbclient-4.8.3-4.el7.x86_64.rpm                 | 109 kB   00:00
(6/11): samba-4.8.3-4.el7.x86_64.rpm                       | 680 kB   00:00
(7/11): samba-common-4.8.3-4.el7.noarch.rpm                | 206 kB   00:00
(8/11): samba-common-libs-4.8.3-4.el7.x86_64.rpm           | 164 kB   00:00
(9/11): samba-common-tools-4.8.3-4.el7.x86_64.rpm          | 448 kB   00:00
(10/11): samba-libs-4.8.3-4.el7.x86_64.rpm                 | 276 kB   00:00
(11/11): samba-client-libs-4.8.3-4.el7.x86_64.rpm          | 4.8 MB   00:01
--------------------------------------------------------------------------------
Total                                              5.0 MB/s | 6.9 MB  00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libtalloc-2.1.13-1.el7.x86_64                               1/12
  Installing : libtdb-1.3.15-1.el7.x86_64                                  2/12
  Installing : libtevent-0.9.36-1.el7.x86_64                               3/12
  Installing : samba-common-4.8.3-4.el7.noarch                             4/12
  Installing : libldb-1.3.4-1.el7.x86_64                                   5/12
  Installing : libwbclient-4.8.3-4.el7.x86_64                              6/12
  Installing : samba-client-libs-4.8.3-4.el7.x86_64                        7/12
  Installing : samba-common-libs-4.8.3-4.el7.x86_64                        8/12
  Installing : pytalloc-2.1.13-1.el7.x86_64                                9/12
  Installing : samba-libs-4.8.3-4.el7.x86_64                              10/12
  Installing : samba-common-tools-4.8.3-4.el7.x86_64                      11/12
  Installing : samba-4.8.3-4.el7.x86_64                                   12/12
  Verifying  : samba-common-4.8.3-4.el7.noarch                             1/12
  Verifying  : libtdb-1.3.15-1.el7.x86_64                                  2/12
  Verifying  : libtalloc-2.1.13-1.el7.x86_64                               3/12
  Verifying  : libtevent-0.9.36-1.el7.x86_64                               4/12
  Verifying  : samba-client-libs-4.8.3-4.el7.x86_64                        5/12
  Verifying  : samba-4.8.3-4.el7.x86_64                                    6/12
  Verifying  : libwbclient-4.8.3-4.el7.x86_64                              7/12
  Verifying  : samba-libs-4.8.3-4.el7.x86_64                               8/12
  Verifying  : samba-common-libs-4.8.3-4.el7.x86_64                        9/12
  Verifying  : samba-common-tools-4.8.3-4.el7.x86_64                      10/12
  Verifying  : libldb-1.3.4-1.el7.x86_64                                  11/12
  Verifying  : pytalloc-2.1.13-1.el7.x86_64                               12/12

Installed:
  samba.x86_64 0:4.8.3-4.el7

Dependency Installed:
  libldb.x86_64 0:1.3.4-1.el7
  libtalloc.x86_64 0:2.1.13-1.el7
  libtdb.x86_64 0:1.3.15-1.el7
  libtevent.x86_64 0:0.9.36-1.el7
  libwbclient.x86_64 0:4.8.3-4.el7
  pytalloc.x86_64 0:2.1.13-1.el7
  samba-client-libs.x86_64 0:4.8.3-4.el7
  samba-common.noarch 0:4.8.3-4.el7
  samba-common-libs.x86_64 0:4.8.3-4.el7
  samba-common-tools.x86_64 0:4.8.3-4.el7
  samba-libs.x86_64 0:4.8.3-4.el7

Complete!
  3. インストールされていることを確認する
    smbd --version

 

共有フォルダ作成


以下は共有フォルダを作成するサンプルである。

  1. 共有フォルダを作成する
    mkdir -p /usr/local/data/samba/public
chmod 777 /usr/local/data/samba/public
  2. 設定ファイルを作成する
    cat >> $SAMBA_HOME/etc/smb.conf << EOT

[public]
read only = no
path = /usr/local/data/samba/public
create mask = 660
force create mode = 660
directory mask = 770
force directory mode = 770
# guest ok = yes # no auth
EOT
  3. ユーザを作成する
    useradd --no-create-home --shell /sbin/nologin public
pdbedit -a -u public
# パスワードを入力する
  4. Sambaを起動する
    systemctl restart smb
  5. Window PCからエクスプローラで「\\<IPアドレス>\」にアクセスする。
    その際のユーザ名はpublicで、パスワードは上記で入力したものである。

 

管理

 

管理コマンド一覧

 

pdbedit


ユーザの追加・削除・一覧表示を行う。

 

 

 

 


Common samba options:

 

smbpasswd


ユーザの作成、パスワードの設定・変更が行える。

 

 

 

 

 

smbstatus


Sambaサーバに接続されているクライアント、利用中の共有、ロックされているファイルを表示できる。

 

簡易ステータス表示


接続状況についてステータスを表示する。
Samba自体が起動していない状態でもエラーが出ずに接続なしで表示されるので、Sambaの稼働チェックには使用できない。

smbstatus -b

 

詳細ステータス表示


接続状況についてステータスを表示する。
Samba自体が起動していない状態でもエラーが出ずに接続なしで表示されるので、Sambaの稼働チェックには使用できない。

smbstatus -v

 

nmblookup


ワークグループ内のホストやマスターブラウザを調べる

 

eventlogadm

 

mksmbpasswd.sh

 

nmbd

 

smbd


デーモンプログラム。デバッグ用途で手動で起動する以外は基本的に使用しない。

 

ビルド情報の表示

 

smbd -b

 

net

 

pdbedit

 

profiles

 

smbcontrol


smbd、nmbd、winbinddの操作ツール。

 

死活確認

 

smbcontrol smbd ping

 

終了

 

smbcontrol smbd shutdown

 

設定再読み込み

 

smbcontrol smbd reload-config

 

smbcquotas

 

smbpasswd

 

testparm


設定ファイル(smb.conf)の記載誤りの確認や、パラメータの表示などを行える。

 



一覧表示

 

 

 

設定確認

 

testparm -s

 

実行例

 




winbindd

 

ntlm_auth

 

wbinfo






設定


Sambaサーバの設定は次のファイルを変更することで行う。

/etc/samba/smb.conf

 

設定ファイルの初期状態

 

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
        workgroup = MYGROUP
        server string = Samba Server Version %v

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *


;       security = domain
;       passdb backend = tdbsam
;       realm = MY_REALM

;       password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;       security = user
;       passdb backend = tdbsam

;       domain master = yes
;       domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifing an empty path
;       logon path =

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;       local master = no
;       os level = 33
;       preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one        WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

;       dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

        load printers = yes
        cups options = raw

;       printcap name = /etc/printcap
        #obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
;       [public]
;       comment = Public Stuff
;       path = /home/samba
;       public = yes
;       writable = yes
;       printable = no
;       write list = +staff

 

設定ファイルの記法


設定ファイルは次のような書き方となっている。

[セクション]
パラメータ名 = 値

セクションはそれぞれ共有リソースに対応し、そのセクション中で設定されたパラメータが適用される。
セクション名は規定のもの以外では任意の名前をつけられ、それが共有名となる。
セクション定義行から次のセクション定義までがそのセクションの設定となる。
;か#で始まる行はコメントである。

変数


値には %X の記法で変数を使用できる。

 

 

設定の構文チェック


構文チェックをtestparmコマンドで行うことができる。

globalセクション


Samba全体にわたる設定を行うセクション。
下記の設定はglobalセクションのみで記述できる。

workgroup


Sambaサーバが所属するワークグループ名もしくはドメイン名を指定する

workgroup = <グループ名>

 

netbios name


SambaサーバのNetBIOS名を指定する

netbios name = <NetBIOS名>

 

server string


サーバの説明文を記述する。ブラウジングの際にマウスオーバーで表示される。

server string = <サーバ説明文>

 

interfaces


Sambaによる接続を受け付けるインタフェースを指定する。

interfaces = <インタフェース名>|<インタフェースIPアドレス> [...]

 

hosts allow


接続を許可するホストを指定する。
このパラメータを設定した場合、許可されなかったホストは拒否される。
スペースで区切って複数記述できる。
192.168.と書くことで、192.168.0.0/16の範囲を許可することができる。

hosts allow = <ホスト> [...]

 

hosts deny


接続を拒否するホストを指定する。
このパラメータを設定した場合、拒否されなかったホストは許可される。

hosts deny = <ホスト> [...]

 

guest account


Guestとして利用するアカウント名を指定する
デフォルトは”nobody”アカウントとなる。

guest account = <アカウント名>

 

map to guest


Sambaユーザ認証ができなかった場合の挙動を指定する

map to guest = (Never|Bad User|Bad Password)

 

log file


ログファイルを指定する

log file

 

max log size


ログファイルの最大サイズをKB単位で指定する。
0の場合は制限がない。

max log size = <最大ログファイルサイズ>

 

encrypt passwords = (Yes|No)


YesとNoが指定でき、Yesの場合はNetBIOS認証をハッシュ値で行う方式にする。

encrypt passwords

 

smb passwd file


パスワード認証をsmbpasswd方式で行う場合のパスワードファイルを指定する

smb passwd file

 

unix password sync


YesかNoを記述し、SambaのパスワードとLinuxのパスワードを同期させるかどうかを指定する。
このパラメータを有効にする場合、passwd programパラメータを必ず設定する必要がある。

unix password sync = (Yes|No)

 

passwd program


Samba側でパスワードを変更した際に実行するプログラムを指定する。

passwd program = <パスワード変更プログラムパス>

passwd program = /usr/bin/passwd %u

 

passwd chat


Samba側でパスワードを変更した際の応答内容を記述する

passwd chat

 

username map


Linuxのユーザーを別のユーザー名にマッピングした内容を記述したファイルを指定する。
マッピングファイル内では、次の書式で記述する。

<Linuxユーザ名> = "<Windowsユーザ名>"

Windowsユーザ名は日本語にも対応できる。

username map

 

logon script


ログオン時に実行するスクリプトファイルを指定する

logon script

 

wins support


YesかNoで指定し、SambaサーバをWINSサーバとして動作させるときにYesとする

wins support

 

wins server


WINSサーバのIPアドレスを指定する

wins server

 

security


認証方法の設定

security = (user|share|server|domain|ads)

 

null passwords


!!廃止!!
YesかNoで指定し、空のパスワードの使用を許可・禁止する

null passwords = (Yes|No)

 

enable privileges


特定の権限をWindowsのSIDに割り当てる機能を有効にするかどうかを指定する。

 

 

 

unix extensions


UNIX拡張を利用するかどうかを制御する。
専らリンク(シンボリックリンク、ハードリンク)を使用可能にするために設定される。
Unix系クライアントからリンクを使用する場合はYesにし、Windows系クライアントからリンクを使用する場合はNoにすること。
ただし、リンクを使用する場合は「wide links」も有効にする必要がある。

 

 

個別セクション共通設定


globalセクション以降の個別の各セクション内で使用できる共通の設定項目が以下である。
globalセクション内でも設定可能である。

comment


コメント文。ブラウジングしたときに表示される。

browsable


YesかNoで指定し、ブラウジングしたときに表示されるかどうかを指定する。
ただし、共有名を直接指定するとアクセスすることは可能。
セクション名の最後に$を書くことでNoとするのと同様の効果が得られる。

 

 

writable/writeable


書き込み可能かどうかを指定する。
パラメータ”read only”の反対である。

 



read only


YesかNoで指定し、読み込み専用かどうかを指定する

 

 

path


共有ディレクトリのパスを指定する

 

force user


共有内に作成するファイル・ディレクトリのオーナーを指定する

 

force group


共有内に作成するファイル・ディレクトリのオーナーグループを指定する

 

write list


writableで書き込みできない状態の場合でも書き込みできるユーザ・グループを指定する

 

 

hide dot files


YesかNoで記述し、.で始まる名前のファイルやディレクトリを
表示しないようWindowsの隠しファイル属性を適用するかどうかを指定する。

hide files


表示させないファイル・ディレクトリを指定する。ただし、アクセスは可能。

veto files


表示させないファイル・ディレクトリを指定する。ただし、アクセスも不可。

create mask


ファイルに適用可能なパーミッションを指定する。
この値とDOSでの属性をUNIXのパーミッションに変換した値との論理積(AND)を
ファイルのパーミッションとする。
パーミッションを削除する場合に使用する。
デフォルトは0744。

create mask = <パーミッション>

 

directory mask


ディレクトリに適用可能なパーミッションを指定する。
この値とDOSでの属性をUNIXのパーミッションに変換した値との論理積(AND)を
ディレクトリのパーミッションとする。
パーミッションを削除する場合に使用する。
デフォルトは0755。

directory mask = <パーミッション>

 

force create mode


必ずファイルに適用されるパーミッションを指定する。
この値と”create mask”で算出された値との論理和(OR)が最終的なファイルのパーミッションとなる。
パーミッションを設定する場合に使用する。
デフォルトは0000。

force create mode = <パーミッション>

 

force directory mode


必ずディレクトリに適用されるパーミッションを指定する。
この値と”create mask”で算出された値との論理和(OR)が最終的なディレクトリのパーミッションとなる。
パーミッションを設定する場合に使用する。
デフォルトは0000。

force directory mode = <パーミッション>

 

valid users


アクセス可能なユーザ・グループを指定する

guest ok


YesかNoで記述し、Yesの場合はパスワード無しのゲストログインを許可する

guest ok = (Yes|No)

 

public


guest okと同じ

public = (Yes|No)

 

wide links


UNIXファイルシステム上のリンクをたどってアクセス可能かどうかを設定する。
リンクを有効にすると、不正なリンクファイルを配置することで意図しないパスにアクセス可能になるリスクがある。

 





homesセクション


Linuxユーザの各ホームディレクトリを一括して共有するためのセクション。
SambaにログインしたユーザがLinuxに存在する場合、そのホームディレクトリが利用可能となる。

printers


共有プリンタに関する設定を行います。

printable




print ok


このパラメーターはprintableパラメーターの別名である


lmhosts


Windowsネットワーク上にてホストのNetBIOS名とIPアドレスの名前解決のために使われるファイル。
WINSサーバで名前解決が出来なかった際にlmhostsファイルが使用される。
通常以下のパスに存在する。

/etc/samba/lmhosts

 

 

Sambaクライアント


LinuxからSambaサーバへアクセスし、Windowsネットワークを利用するにはSambaクライアントを利用する。

smbclientコマンド


Sambaクライアントとして利用できるコマンド。

 


接続が成功すると対話式で操作を行う。
以下のサブコマンドが使用可能である。
なお、テキストファイルを直接読み出すサブコマンドは無い。



マウントして利用

 

smbmount \\<サーバ名>\<共有名> <マウントポイント> [-o <オプション>]

 


Notice: Trying to get property 'queue' of non-object in /usr/local/wordpress/wp-includes/script-loader.php on line 2876

Warning: Invalid argument supplied for foreach() in /usr/local/wordpress/wp-includes/script-loader.php on line 2876