Samba 4.9.3

Contents

環境

 

 

 

サーバの構築

 

OS設定

 

SELinuxの無効化


SELinuxを無効化しないと共有にアクセスはできるが書き込みができない

sed "s/SELINUX=enforcing/SELINUX=disabled/" -i /etc/selinux/config
reboot

 

ネットワーク

 

firewalld

 

Samba


udp/137、udp/138、tcp/139、tcp/445を開ける
※CentOS7.2以前のCentOS7場合はfirewalldのバージョン場古く、下記を実行できない。アップデートすること。

yum update firewalld -y

 

  1. ルールが定義されていることを確認
    firewall-cmd --permanent --info-service=samba
  2. 現在ルールが適用されていないことを確認する
    firewall-cmd --zone=public --list-services --permanent | sed -e "s/ /\n/g" | grep samba
  3. ルールを適用する
    firewall-cmd --zone=public --add-service=samba --permanent
  4. ルールが適用されていることを確認する
    firewall-cmd --list-services --zone=public --permanent | sed -e "s/ /\n/g" | grep samba
  5. 設定を再読み込みして反映させる
    firewall-cmd --reload

 

Sambaの構築

 

インストール

 

ソースコードからインストール

 

 

  1. rootになる
    su -
  2. ソースコードを取得する
    1. ダウンロードサイト:https://www.samba.org/samba/download/からアーカイブのURLを取得する
      ※右側「Releases」に記載
    2. ダウンロードする
      curl -O -s https://download.samba.org/pub/samba/stable/samba-4.9.3.tar.gz
    3. アーカイブファイルを展開する
      tar xzfv samba-*.tar.gz
    4. ソースコードディレクトリへ移動する
      cd samba-*
  3. コンパイル、インストールを行う
    1. 関連パッケージをインストールする
      • 参考
        yum install attr bind-utils docbook-style-xsl gcc gdb krb5-workstation \
      libsemanage-python libxslt perl perl-ExtUtils-MakeMaker \
      perl-Parse-Yapp perl-Test-Base pkgconfig policycoreutils-python \
      python2-crypto gnutls-devel libattr-devel keyutils-libs-devel \
      libacl-devel libaio-devel libblkid-devel libxml2-devel openldap-devel \
      pam-devel popt-devel python-devel readline-devel zlib-devel systemd-devel \
      lmdb-devel jansson-devel gpgme-devel pygpgme libarchive-devel -y
    2. コンパイル最適化設定を行う
      export CFLAGS="-O3 -m64"
    3. Makefileを生成する
      ※without-ad-dcオプションによりWindows AD DC機能を無効化する
      ./configure --prefix=/usr/local/`pwd | sed "s/.*\///"` \
    --oldincludedir=/usr/local/`pwd | sed "s/.*\///"`/include \
    --without-ad-dc \
    --without-docs \
    2>&1 | tee configure.log.`date +"%Y%m%d"`
      • オプション一覧

        [root@samba samba-4.9.3]# ./configure --help

waf [command] [options]

Main commands (example: ./waf build -j4)
  build       : build all targets
  clean       : removes the build files
  configure   : configures the project
  ctags       : build 'tags' file using ctags
  dist        : makes a tarball for distribution
  distcheck   : test that distribution tarball builds and installs
  distclean   : removes the build directory
  etags       : build TAGS file using etags
  install     : installs the build files
  pep8        : run pep8 validator
  pydoctor    : build python apidocs
  reconfigure : reconfigure if config scripts have changed
  test        : Run the test suite (see test options below)
  testonly    : run tests without doing a build first
  uninstall   : removes the installed files
  wafdocs     : build wafsamba apidocs
  wildcard_cmd: called on a unknown command

Options:
  --version
            show program's version number and exit
  -h, --help
            show this help message and exit
  -j JOBS, --jobs=JOBS
            amount of parallel jobs ('1')
  -k, --keep
            keep running happily on independent task groups
  -v, --verbose
            verbosity level -v -vv or -vvv [default: 0]
  --nocache
            ignore the WAFCACHE (if set)
  --zones=ZONES
            debugging zones (task_gen, deps, tasks, etc)
  -p, --progress
            -p: progress bar; -pp: ide output
  --targets=COMPILE_TARGETS
            build given task generators, e.g. "target1,target2"
  --with-json-audit
            Build with JSON auth audit support (default=True). This requires the
            jansson devel package.
  --with-libiconv=ICONV_OPEN
            additional directory to search for libiconv
  --without-gettext
            Disable use of gettext
  --disable-python
            do not generate python modules
  --extra-python=PYTHON
            build selected libraries for the specified additional version of
            Python (example: --extra-python=/usr/bin/python3)
  --disable-tdb-mutex-locking
            Disable the use of pthread robust mutexes
  --without-ldb-lmdb
            disable new LMDB backend for LDB
  --enable-selftest
            enable options necessary for selftest (default=no)
  --enable-coverage
            enable options necessary for code coverage reporting on selftest
            (default=no)
  --with-selftest-prefix=SELFTEST_PREFIX
            specify location of selftest directory (default=./st)
  --enable-gnutls
            Enable use of gnutls
  --with-gpgme
            Build with gpgme support (default=auto). This requires gpgme devel
            and python packages (e.g. libgpgme11-dev, python-gpgme on
            debian/ubuntu).
  --with-static-modules=STATIC_MODULES
            Comma-separated list of names of modules to statically link in. May
            include !module to disable 'module'. Can be '!FORCED' to disable all
            non-required static only modules. Can be '!DEFAULT' to disable all
            modules defaulting to a static build. Can be 'ALL' to build all
            default shared modules static. The most specific one wins, while the
            order is ignored and --with-static-modules is evaluated before
            --with-shared-modules
  --with-shared-modules=SHARED_MODULES
            Comma-separated list of names of modules to build shared. May
            include !module to disable 'module'. Can be '!FORCED' to disable all
            non-required shared only modules. Can be '!DEFAULT' to disable all
            modules defaulting to a shared build. Can be 'ALL' to build all
            default static modules shared. The most specific one wins, while the
            order is ignored and --with-static-modules is evaluated before
            --with-shared-modules
  --with-winbind
            Build with winbind support (default=yes)
  --with-ads
            Build with ads support (default=yes)
  --with-ldap
            Build with ldap support (default=yes)
  --enable-cups
            Build with cups support (default=yes)
  --enable-iprint
            Build with iprint support (default=yes)
  --with-pam
            Build with pam support (default=yes)
  --with-quotas
            Build with quotas support (default=yes)
  --with-sendfile-support
            Build with sendfile-support support (default=yes)
  --with-utmp
            Build with utmp support (default=yes)
  --enable-avahi
            Build with avahi support (default=yes)
  --with-iconv
            Build with iconv support (default=yes)
  --with-acl-support
            Build with acl-support support (default=yes)
  --with-dnsupdate
            Build with dnsupdate support (default=yes)
  --with-syslog
            Build with syslog support (default=yes)
  --with-automount
            Build with automount support (default=yes)
  --with-dmapi
            Build with dmapi support (default=auto)
  --with-fam
            Build with fam support (default=auto)
  --with-profiling-data
            Build with profiling-data support (default=no)
  --with-libarchive
            Build with libarchive support (default=yes)
  --with-cluster-support
            Build with cluster-support support (default=no)
  --with-regedit
            Build with regedit support (default=auto)
  --with-fake-kaserver
            Include AFS fake-kaserver support
  --enable-glusterfs
            Build with glusterfs support (default=yes)
  --enable-cephfs
            Build with cephfs support (default=yes)
  --enable-vxfs
            enable support for VxFS (default=no)
  --enable-spotlight
            Build with spotlight support (default=no)
  --disable-fault-handling
            disable the fault handlers
  --with-systemd
            Enable systemd integration
  --without-systemd
            Disable systemd integration
  --with-lttng
            Enable lttng integration
  --without-lttng
            Disable lttng integration
  --with-gpfs=GPFS_HEADERS_DIR
            Directory under which gpfs headers are installed
  --accel-aes=ACCEL_AES
            Should we use accelerated AES crypto functions. Options are
            intelaesni|none.
  --enable-infiniband
            Turn on infiniband support (default=no)
  --enable-pmda
            Turn on PCP pmda support (default=no)
  --enable-etcd-reclock
            Enable etcd recovery lock helper (default=no)
  --with-libcephfs=LIBCEPHFS_DIR
            Directory under which libcephfs is installed
  --enable-ceph-reclock
            Enable Ceph CTDB recovery lock helper (default=no)
  --with-logdir=CTDB_LOGDIR
            Path to log directory
  --with-socketpath=CTDB_SOCKPATH
            path to CTDB daemon socket
  --enable-pthreadpool
            Build with pthreadpool support (default=yes)
  --with-system-mitkrb5
            build Samba with system MIT Kerberos. You may specify list of paths
            where Kerberos is installed (e.g. /usr/local /usr/kerberos) to
            search krb5-config
  --with-experimental-mit-ad-dc
            Enable the experimental MIT Kerberos-backed AD DC.  Note that
            security patches are not issued for this configuration
  --with-system-mitkdc=WITH_SYSTEM_MITKDC
            Specify the path to the krb5kdc binary from MIT Kerberos
  --with-system-heimdalkrb5
            conflicts with --with-system-mitkrb5
  --without-ad-dc
            disable AD DC functionality (enables only Samba FS (File Server,
            Winbind, NMBD) and client utilities.
  --with-ntvfs-fileserver
            enable the deprecated NTVFS file server from the original Samba4
            branch (default if --enable-selftest specified).  Conflicts with
            --with-system-mitkrb5 and --without-ad-dc
  --without-ntvfs-fileserver
            disable the deprecated NTVFS file server from the original Samba4
            branch
  --with-pie
            Build Position Independent Executables (default if supported by
            compiler)
  --without-pie
            Disable Position Independent Executable builds
  --with-relro
            Build with full RELocation Read-Only (RELRO)(default if supported by
            compiler)
  --without-relro
            Disable RELRO builds
  --nopyc   Do not install bytecode compiled .pyc files (configuration)
            [Default:install]
  --nopyo   Do not install optimised compiled .pyo files (configuration)
            [Default:install]

  configuration options:
    -b BLDDIR, --blddir=BLDDIR
            out dir for the project (configuration)
    -s SRCDIR, --srcdir=SRCDIR
            top dir for the project (configuration)
    --download
            try to download the tools if missing

  installation options:
    -f, --force
            force file installation

  C Compiler Options:
    --check-c-compiler=CHECK_C_COMPILER
            On this platform (linux) the following C-Compiler will be checked by
            default: "gcc icc suncc"

  Installation directories:
    By default, "waf install" will put the files in "/usr/local/bin",
    "/usr/local/lib" etc. An installation prefix other than "/usr/local" can
    be given using "--prefix", for example "--prefix=$HOME"

    --prefix=PREFIX
            installation prefix (configuration) [default: '/usr/local/samba']
    --destdir=DESTDIR
            installation root [default: '']
    --exec-prefix=EXEC_PREFIX
            installation prefix [Default: ${PREFIX}]

  Pre-defined installation directories:
    --bindir=BINDIR
            user executables [Default: ${EXEC_PREFIX}/bin]
    --sbindir=SBINDIR
            system admin executables [Default: ${EXEC_PREFIX}/sbin]
    --libexecdir=LIBEXECDIR
            program executables [Default: ${EXEC_PREFIX}/libexec]
    --sysconfdir=SYSCONFDIR
            read-only single-machine data [Default: ${PREFIX}/etc]
    --sharedstatedir=SHAREDSTATEDIR
            modifiable architecture-independent data [Default: ${PREFIX}/com]
    --localstatedir=LOCALSTATEDIR
            modifiable single-machine data [Default: ${PREFIX}/var]
    --libdir=LIBDIR
            object code libraries [Default: ${EXEC_PREFIX}/lib]
    --includedir=INCLUDEDIR
            C header files [Default: ${PREFIX}/include]
    --oldincludedir=OLDINCLUDEDIR
            C header files for non-gcc [Default: /usr/include]
    --datarootdir=DATAROOTDIR
            read-only arch.-independent data root [Default: ${PREFIX}/share]
    --datadir=DATADIR
            read-only architecture-independent data [Default: ${DATAROOTDIR}]
    --infodir=INFODIR
            info documentation [Default: ${DATAROOTDIR}/info]
    --localedir=LOCALEDIR
            locale-dependent data [Default: ${DATAROOTDIR}/locale]
    --mandir=MANDIR
            man documentation [Default: ${DATAROOTDIR}/man]
    --docdir=DOCDIR
            documentation root [Default: ${DATAROOTDIR}/doc/${PACKAGE}]
    --htmldir=HTMLDIR
            html documentation [Default: ${DOCDIR}]
    --dvidir=DVIDIR
            dvi documentation [Default: ${DOCDIR}]
    --pdfdir=PDFDIR
            pdf documentation [Default: ${DOCDIR}]
    --psdir=PSDIR
            ps documentation [Default: ${DOCDIR}]

  library handling options:
    --bundled-libraries=BUNDLED_LIBS
            comma separated list of bundled libraries. May include !LIBNAME to
            disable bundling a library. Can be 'NONE' or 'ALL' [auto]
    --private-libraries=PRIVATE_LIBS
            comma separated list of normally public libraries to build instead
            as private libraries. May include !LIBNAME to disable making a
            library private. Can be 'NONE' or 'ALL' [auto]
    --private-library-extension=PRIVATE_EXTENSION
            name extension for private libraries [samba4]
    --private-extension-exception=PRIVATE_EXTENSION_EXCEPTION
            comma separated list of libraries to not apply extension to []
    --builtin-libraries=BUILTIN_LIBRARIES
            command separated list of libraries to build directly into binaries
            [NONE]
    --minimum-library-version=MINIMUM_LIBRARY_VERSION
            list of minimum system library versions
            (LIBNAME1:version,LIBNAME2:version)
    --disable-rpath
            Disable use of rpath for build binaries
    --disable-rpath-install
            Disable use of rpath for library path in installed files
    --disable-rpath-private-install
            Disable use of rpath for private library path in installed files
    --nonshared-binary=NONSHARED_BINARIES
            Disable use of shared libs for the listed binaries
    --disable-symbol-versions
            Disable use of the --version-script linker option

  developer options:
    -C      enable configure cacheing
    --enable-auto-reconfigure
            enable automatic reconfigure on build
    --enable-debug
            Turn on debugging symbols
    --enable-developer
            Turn on developer warnings and debugging
    --picky-developer
            Treat all warnings as errors (enable -Werror)
    --fatal-errors
            Stop compilation on first error (enable -Wfatal-errors)
    --enable-gccdeps
            Enable use of gcc -MD dependency module
    --timestamp-dependencies
            use file timestamps instead of content for build dependencies
            (BROKEN)
    --pedantic
            Enable even more compiler warnings
    --git-local-changes
            mark version with + if local git changes
    --address-sanitizer
            Enable address sanitizer compile and linker flags
    --abi-check
            Check ABI signatures for libraries
    --abi-check-disable
            Disable ABI checking (used with --enable-developer)
    --abi-update
            Update ABI signature files for libraries
    --show-deps=SHOWDEPS
            Show dependency tree for the given target
    --symbol-check
            check symbols in object files against project rules
    --dup-symbol-check
            check for duplicate symbols in object files and system libs (must be
            configured with --enable-developer)
    --why-needed=WHYNEEDED
            TARGET:DEPENDENCY check why TARGET needs DEPENDENCY
    --show-duplicates
            Show objects which are included in multiple binaries or libraries

  cross compilation options:
    --cross-compile
            configure for cross-compilation
    --cross-execute=CROSS_EXECUTE
            command prefix to use for cross-execution in configure
    --cross-answers=CROSS_ANSWERS
            answers to cross-compilation configuration (auto modified)
    --hostcc=HOSTCC
            set host compiler when cross compiling

  dist options:
    --sign-release
            sign the release tarball created by waf dist
    --tag=TAG_RELEASE
            tag release in git at the same time

  Samba-specific directory layout:
    --enable-fhs
            Use FHS-compliant paths (default no)
            You should consider using this together with:
            --prefix=/usr --sysconfdir=/etc --localstatedir=/var
    --with-statedir=STATEDIR
            Where to put persistent state files
            [STD-Default: ${LOCALSTATEDIR}/locks]
            [FHS-Default: ${LOCALSTATEDIR}/lib/samba]
    --with-pammodulesdir=PAMMODULESDIR
            Which directory to use for PAM modules
            [STD-Default: ${LIBDIR}/security]
            [FHS-Default: ${LIBDIR}/security]
    --with-privatedir=PRIVATE_DIR
            Where to put sam.ldb and other private files
            [STD-Default: ${PREFIX}/private]
            [FHS-Default: ${LOCALSTATEDIR}/lib/samba/private]
    --with-piddir=PIDDIR
            Where to put pid files
            [STD-Default: ${LOCALSTATEDIR}/run]
            [FHS-Default: ${LOCALSTATEDIR}/run/samba]
    --with-cachedir=CACHEDIR
            Where to put temporary cache files
            [STD-Default: ${LOCALSTATEDIR}/cache]
            [FHS-Default: ${LOCALSTATEDIR}/cache/samba]
    --with-bind-dns-dir=BINDDNS_DIR
            bind-dns config directory
            [STD-Default: ${PREFIX}/bind-dns]
            [FHS-Default: ${LOCALSTATEDIR}/lib/samba/bind-dns]
    --with-lockdir=LOCKDIR
            Where to put short term disposable state files
            [STD-Default: ${LOCALSTATEDIR}/lock]
            [FHS-Default: ${LOCALSTATEDIR}/lock/samba]
    --with-logfilebase=LOGFILEBASE
            Where to put log files
            [STD-Default: ${LOCALSTATEDIR}]
            [FHS-Default: ${LOCALSTATEDIR}/log/samba]
    --with-sockets-dir=SOCKET_DIR
            socket directory
            [STD-Default: ${LOCALSTATEDIR}/run]
            [FHS-Default: ${LOCALSTATEDIR}/run/samba]
    --with-modulesdir=MODULESDIR
            Which directory to use for Samba modules
            [STD-Default: ${LIBDIR}]
            [FHS-Default: ${LIBDIR}/samba]
    --with-privatelibdir=PRIVATELIBDIR
            Which directory to use for private Samba libraries
            [STD-Default: ${LIBDIR}/private]
            [FHS-Default: ${LIBDIR}/samba]
    --with-privileged-socket-dir=PRIVILEGED_SOCKET_DIR
            privileged socket directory
            [STD-Default: ${LOCALSTATEDIR}/lib]
            [FHS-Default: ${LOCALSTATEDIR}/lib/samba]
    --with-smbpasswd-file=SMB_PASSWD_FILE
            Where to put the smbpasswd file
            [STD-Default: ${PRIVATE_DIR}/smbpasswd]
            [FHS-Default: ${PRIVATE_DIR}/smbpasswd]
    --with-configdir=CONFIGDIR
            Where to put configuration files
            [STD-Default: ${SYSCONFDIR}]
            [FHS-Default: ${SYSCONFDIR}/samba]

  systemd installation options:
    --systemd-install-services
            install systemd service files to manage daemons (default=no)
    --with-systemddir=SYSTEMDDIR
            systemd service directory [PREFIX/lib/systemd/system]
    --systemd-smb-extra=Option=Value
            Extra directives added to the smb service file. Can be given
            multiple times.
    --systemd-nmb-extra=Option=Value
            Extra directives added to the nmb service file. Can be used multiple
            times.
    --systemd-winbind-extra=Option=Value
            Extra directives added to the winbind service file. Can be used
            multiple times.
    --systemd-samba-extra=Option=Value
            Extra directives added to the samba service file. Can be used
            multiple times.

  test options:
    --load-list=LOAD_LIST
            Load a test id list from a text file
    --list  List available tests
    --tests=TESTS
            wildcard pattern of tests to run
    --filtered-subunit
            output (xfail) filtered subunit
    --quick
            enable only quick tests
    --slow  enable the really slow tests
    --nb-slowest=NB_SLOWEST
            Show the n slowest tests (default=10)
    --testenv
            start a terminal with the test environment setup
    --valgrind
            use valgrind on client programs in the tests
    --valgrind-log=VALGRINDLOG
            where to put the valgrind log
    --valgrind-server
            use valgrind on the server in the tests (opens an xterm)
    --screen
            run the samba servers in screen sessions
    --gdbtest
            run the servers within a gdb window
    --fail-immediately
            stop tests on first failure
    --socket-wrapper-pcap
            create a pcap file for each failing test
    --socket-wrapper-keep-pcap
            create a pcap file for all individual test
    --random-order
            Run testsuites in random order
    --perf-test
            run performance tests only
    --test-list=TEST_LIST
            use tests listed here, not defaults (--test-list='FOO|' will execute
            FOO; --test-list='FOO' will read it)
      • オプション
        • –oldincludedir
          ヘッダファイルなどのインストールパス
    4. コンパイルする
      make 2>&1 | tee make.log.`date +"%Y%m%d"`
    5. インストールを行う。
      make install 2>&1 | tee make_install.log.`date +"%Y%m%d"`
  4. リンク作成、環境変数設定などを行う
    1. インストールディレクトリへのシンボリックリンクを作成する。
      これによって、複数のバージョンを同居させ、リンクを切り替えることで、バージョン変更が可能となる。
      各バージョンの実行ファイルはデフォルトでは各バージョンの設定ファイルを読み込むこととなる。
      rm -f /usr/local/samba
ln -s /usr/local/`pwd | sed "s/.*\///"` /usr/local/samba
    2. 簡単にアクセスできるように環境変数を設定する
      export SAMBA_HOME=/usr/local/samba
    3. ツール類にパスを通す
      export PATH=$SAMBA_HOME/bin:$SAMBA_HOME/sbin:$PATH
    4. パスが通ったことを確認する
      smbd --version
    5. 環境変数を再起動後も有効にする
      echo "" >> /etc/bashrc
echo "# SAMBA ENVIRONMENT VARIABLE" >> /etc/bashrc
echo "export SAMBA_HOME=$SAMBA_HOME" >> /etc/bashrc
echo "export PATH=\$SAMBA_HOME/bin:\$SAMBA_HOME/sbin:\$PATH" >> /etc/bashrc
  5. systemdの設定する
    1. サービスファイルを作成する
      ※1024番以下のポートを使用する場合はパラメータ”User”を使用してroot以外を指定することをしてはならない。
      cat > /etc/systemd/system/smb.service << EOT
[Unit]
Description=Samba SMB Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
After=network.target nmb.service winbind.service

[Service]
Type=notify
NotifyAccess=all
PIDFile=$SAMBA_HOME/var/run/smbd.pid
LimitNOFILE=16384
ExecStart=$SAMBA_HOME/sbin/smbd --foreground --no-process-group
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOT
    2. 必要であれば、ソケットファイルも作成する。
      ソケットファイルはスーパーデーモンを利用する際に使用する。
      Sambaを使用する頻度が低いなら設定しておくと良い。
      cat > /etc/systemd/system/smb.socket << EOT
[Unit]
Description=Samba SMB Daemon activation socket

[Socket]
#samba expects separate IPv4 and IPv6 sockets
BindIPv6Only=ipv6-only
ListenStream=0.0.0.0:139
ListenStream=[::]:139
ListenStream=0.0.0.0:445
ListenStream=[::]:445
KeepAlive=true

[Install]
WantedBy=sockets.target
EOT
    3. サービスを有効化する
      systemctl enable smb
    4. サービスが有効化されていることを確認する
      systemctl list-unit-files --type service --no-pager | grep smb
  6. 設定ファイルを作成する
    サンプルファイルを使用する場合、コピーする
    cp examples/smb.conf.default $SAMBA_HOME/etc/smb.conf
    ※原則初めから自分で作成した方がよい
    ※デフォルトの設定ファイルの内容は下記

    # This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = MYGROUP

# server string is the equivalent of the NT Description field
   server string = Samba Server

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /usr/local/samba/var/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Specifies the Kerberos or Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#      Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /usr/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = no
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
    自作する場合
    cat > $SAMBA_HOME/etc/smb.conf << EOT
[global]
log file = $SAMBA_HOME/var/log/samba.log
max log size = 50
security = user
EOT
    ログ出力先のディレクトリを作成する。
    mkdir $SAMBA_HOME/var/log
  7. 設定ファイルに誤りがないか確認する
    問題があれば、”Error”が出力される
    testparm -s
  8. 不要なソースコードを削除する
    cd ../
rm -rf samba*
  9. インストールしたディレクトリに移動する
    cd $SAMBA_HOME
  10. Sambaを起動する
    systemctl start smb
  11. 稼働確認
    smbcontrol smbd ping

 

パッケージからインストール

 

  1. インストールされていないことを確認
    yum list installed | grep samba
  2. インストール
    yum install samba samba-client -y
    • 出力例

      [root@samba1 ~]# yum install samba
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.usonyx.net
 * extras: ftp.iij.ad.jp
 * updates: centos.usonyx.net
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.8.3-4.el7 will be installed
--> Processing Dependency: samba-libs = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common-tools = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common-libs = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-common = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: samba-client-libs = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libwbclient = 4.8.3-4.el7 for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-tdb-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-reg-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent.so.0(TEVENT_0.9.9)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent.so.0(TEVENT_0.9.16)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent-util.so.0(TEVENT_UTIL_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtdb.so.1(TDB_1.2.5)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtdb.so.1(TDB_1.2.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtalloc.so.2(TALLOC_2.0.2)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsys-rw-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsocket-blocking-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-shim-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-base-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbconf.so.0(SMBCONF_0)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmb-transport-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libserver-id-db-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsecrets3-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba3-util-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-sockets-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-security-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-errors.so.1(SAMBA_ERRORS_1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-debug-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-cluster-support-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libreplace-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libpopt-samba3-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr.so.0(NDR_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-standard.so.0(NDR_STANDARD_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-samba-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmsghdr-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmessages-dgm-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: liblibsmb-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgse-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgenrand-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libdbwrap-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcliauth-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-smb-common-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-nbt-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-cldap-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libauth-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libCHARSET3-samba4.so(SAMBA_4.8.3)(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-tdb-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libutil-reg-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtevent-util.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtdb.so.1()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libtalloc.so.2()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsys-rw-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsocket-blocking-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-shim-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbd-base-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmbconf.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsmb-transport-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libserver-id-db-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsecrets3-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba3-util-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-util.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-sockets-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-security-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-passdb.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-hostconfig.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-errors.so.1()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-debug-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libsamba-cluster-support-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libreplace-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libpopt-samba3-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-standard.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-samba-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libndr-nbt.so.0()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmsghdr-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libmessages-dgm-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: liblibsmb-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgse-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libgenrand-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libdbwrap-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcliauth-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-smb-common-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-nbt-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libcli-cldap-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libauth-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Processing Dependency: libCHARSET3-samba4.so()(64bit) for package: samba-4.8.3-4.el7.x86_64
--> Running transaction check
---> Package libtalloc.x86_64 0:2.1.13-1.el7 will be installed
---> Package libtdb.x86_64 0:1.3.15-1.el7 will be installed
---> Package libtevent.x86_64 0:0.9.36-1.el7 will be installed
---> Package libwbclient.x86_64 0:4.8.3-4.el7 will be installed
---> Package samba-client-libs.x86_64 0:4.8.3-4.el7 will be installed
--> Processing Dependency: libldb.so.1(LDB_1.3.0)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_1.1.30)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_1.1.19)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_1.1.1)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.23)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.15)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1(LDB_0.9.10)(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libldb.so.1()(64bit) for package: samba-client-libs-4.8.3-4.el7.x86_64
---> Package samba-common.noarch 0:4.8.3-4.el7 will be installed
---> Package samba-common-libs.x86_64 0:4.8.3-4.el7 will be installed
---> Package samba-common-tools.x86_64 0:4.8.3-4.el7 will be installed
---> Package samba-libs.x86_64 0:4.8.3-4.el7 will be installed
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.9)(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.6)(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.0.6)(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2()(64bit) for package: samba-libs-4.8.3-4.el7.x86_64
--> Running transaction check
---> Package libldb.x86_64 0:1.3.4-1.el7 will be installed
---> Package pytalloc.x86_64 0:2.1.13-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                   Arch          Version              Repository   Size
================================================================================
Installing:
 samba                     x86_64        4.8.3-4.el7          base        680 k
Installing for dependencies:
 libldb                    x86_64        1.3.4-1.el7          base        137 k
 libtalloc                 x86_64        2.1.13-1.el7         base         32 k
 libtdb                    x86_64        1.3.15-1.el7         base         48 k
 libtevent                 x86_64        0.9.36-1.el7         base         36 k
 libwbclient               x86_64        4.8.3-4.el7          base        109 k
 pytalloc                  x86_64        2.1.13-1.el7         base         17 k
 samba-client-libs         x86_64        4.8.3-4.el7          base        4.8 M
 samba-common              noarch        4.8.3-4.el7          base        206 k
 samba-common-libs         x86_64        4.8.3-4.el7          base        164 k
 samba-common-tools        x86_64        4.8.3-4.el7          base        448 k
 samba-libs                x86_64        4.8.3-4.el7          base        276 k

Transaction Summary
================================================================================
Install  1 Package (+11 Dependent packages)

Total size: 6.9 M
Total download size: 6.9 M
Installed size: 24 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/11): libtalloc-2.1.13-1.el7.x86_64.rpm                  |  32 kB   00:00
(2/11): libtevent-0.9.36-1.el7.x86_64.rpm                  |  36 kB   00:00
(3/11): libldb-1.3.4-1.el7.x86_64.rpm                      | 137 kB   00:00
(4/11): pytalloc-2.1.13-1.el7.x86_64.rpm                   |  17 kB   00:00
(5/11): libwbclient-4.8.3-4.el7.x86_64.rpm                 | 109 kB   00:00
(6/11): samba-4.8.3-4.el7.x86_64.rpm                       | 680 kB   00:00
(7/11): samba-common-4.8.3-4.el7.noarch.rpm                | 206 kB   00:00
(8/11): samba-common-libs-4.8.3-4.el7.x86_64.rpm           | 164 kB   00:00
(9/11): samba-common-tools-4.8.3-4.el7.x86_64.rpm          | 448 kB   00:00
(10/11): samba-libs-4.8.3-4.el7.x86_64.rpm                 | 276 kB   00:00
(11/11): samba-client-libs-4.8.3-4.el7.x86_64.rpm          | 4.8 MB   00:01
--------------------------------------------------------------------------------
Total                                              5.0 MB/s | 6.9 MB  00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libtalloc-2.1.13-1.el7.x86_64                               1/12
  Installing : libtdb-1.3.15-1.el7.x86_64                                  2/12
  Installing : libtevent-0.9.36-1.el7.x86_64                               3/12
  Installing : samba-common-4.8.3-4.el7.noarch                             4/12
  Installing : libldb-1.3.4-1.el7.x86_64                                   5/12
  Installing : libwbclient-4.8.3-4.el7.x86_64                              6/12
  Installing : samba-client-libs-4.8.3-4.el7.x86_64                        7/12
  Installing : samba-common-libs-4.8.3-4.el7.x86_64                        8/12
  Installing : pytalloc-2.1.13-1.el7.x86_64                                9/12
  Installing : samba-libs-4.8.3-4.el7.x86_64                              10/12
  Installing : samba-common-tools-4.8.3-4.el7.x86_64                      11/12
  Installing : samba-4.8.3-4.el7.x86_64                                   12/12
  Verifying  : samba-common-4.8.3-4.el7.noarch                             1/12
  Verifying  : libtdb-1.3.15-1.el7.x86_64                                  2/12
  Verifying  : libtalloc-2.1.13-1.el7.x86_64                               3/12
  Verifying  : libtevent-0.9.36-1.el7.x86_64                               4/12
  Verifying  : samba-client-libs-4.8.3-4.el7.x86_64                        5/12
  Verifying  : samba-4.8.3-4.el7.x86_64                                    6/12
  Verifying  : libwbclient-4.8.3-4.el7.x86_64                              7/12
  Verifying  : samba-libs-4.8.3-4.el7.x86_64                               8/12
  Verifying  : samba-common-libs-4.8.3-4.el7.x86_64                        9/12
  Verifying  : samba-common-tools-4.8.3-4.el7.x86_64                      10/12
  Verifying  : libldb-1.3.4-1.el7.x86_64                                  11/12
  Verifying  : pytalloc-2.1.13-1.el7.x86_64                               12/12

Installed:
  samba.x86_64 0:4.8.3-4.el7

Dependency Installed:
  libldb.x86_64 0:1.3.4-1.el7
  libtalloc.x86_64 0:2.1.13-1.el7
  libtdb.x86_64 0:1.3.15-1.el7
  libtevent.x86_64 0:0.9.36-1.el7
  libwbclient.x86_64 0:4.8.3-4.el7
  pytalloc.x86_64 0:2.1.13-1.el7
  samba-client-libs.x86_64 0:4.8.3-4.el7
  samba-common.noarch 0:4.8.3-4.el7
  samba-common-libs.x86_64 0:4.8.3-4.el7
  samba-common-tools.x86_64 0:4.8.3-4.el7
  samba-libs.x86_64 0:4.8.3-4.el7

Complete!
  3. インストールされていることを確認する
    smbd --version

 

共有フォルダ作成


以下は共有フォルダを作成するサンプルである。

  1. 共有フォルダを作成する
    mkdir -p /usr/local/data/samba/public
chmod 777 /usr/local/data/samba/public
  2. 設定ファイルを作成する
    cat >> $SAMBA_HOME/etc/smb.conf << EOT

[public]
read only = no
path = /usr/local/data/samba/public
create mask = 660
force create mode = 660
directory mask = 770
force directory mode = 770
# guest ok = yes # no auth
EOT
  3. ユーザを作成する
    useradd --no-create-home --shell /sbin/nologin public
pdbedit -a -u public
# パスワードを入力する
  4. Sambaを起動する
    systemctl restart smb
  5. Window PCからエクスプローラで「\\<IPアドレス>\」にアクセスする。
    その際のユーザ名はpublicで、パスワードは上記で入力したものである。

 

管理

 

管理コマンド一覧

 

pdbedit


ユーザの追加・削除・一覧表示を行う。

 

 

 

 


Common samba options:

 

smbpasswd


ユーザの作成、パスワードの設定・変更が行える。

 

 

 

 

 

smbstatus


Sambaサーバに接続されているクライアント、利用中の共有、ロックされているファイルを表示できる。

 

簡易ステータス表示


接続状況についてステータスを表示する。
Samba自体が起動していない状態でもエラーが出ずに接続なしで表示されるので、Sambaの稼働チェックには使用できない。

smbstatus -b

 

詳細ステータス表示


接続状況についてステータスを表示する。
Samba自体が起動していない状態でもエラーが出ずに接続なしで表示されるので、Sambaの稼働チェックには使用できない。

smbstatus -v

 

nmblookup


ワークグループ内のホストやマスターブラウザを調べる

 

eventlogadm

 

mksmbpasswd.sh

 

nmbd

 

smbd


デーモンプログラム。デバッグ用途で手動で起動する以外は基本的に使用しない。

 

ビルド情報の表示

 

smbd -b

 

net

 

pdbedit

 

profiles

 

smbcontrol


smbd、nmbd、winbinddの操作ツール。

 

死活確認

 

smbcontrol smbd ping

 

終了

 

smbcontrol smbd shutdown

 

設定再読み込み

 

smbcontrol smbd reload-config

 

smbcquotas

 

smbpasswd

 

testparm


設定ファイル(smb.conf)の記載誤りの確認や、パラメータの表示などを行える。

 



一覧表示

 

 

 

設定確認

 

testparm -s

 

実行例

 




winbindd

 

ntlm_auth

 

wbinfo






設定


Sambaサーバの設定は次のファイルを変更することで行う。

/etc/samba/smb.conf

 

設定ファイルの初期状態

 

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
        workgroup = MYGROUP
        server string = Samba Server Version %v

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *


;       security = domain
;       passdb backend = tdbsam
;       realm = MY_REALM

;       password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;       security = user
;       passdb backend = tdbsam

;       domain master = yes
;       domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifing an empty path
;       logon path =

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;       local master = no
;       os level = 33
;       preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one        WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

;       dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

        load printers = yes
        cups options = raw

;       printcap name = /etc/printcap
        #obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
;       [public]
;       comment = Public Stuff
;       path = /home/samba
;       public = yes
;       writable = yes
;       printable = no
;       write list = +staff

 

設定ファイルの記法


設定ファイルは次のような書き方となっている。

[セクション]
パラメータ名 = 値

セクションはそれぞれ共有リソースに対応し、そのセクション中で設定されたパラメータが適用される。
セクション名は規定のもの以外では任意の名前をつけられ、それが共有名となる。
セクション定義行から次のセクション定義までがそのセクションの設定となる。
;か#で始まる行はコメントである。

変数


値には %X の記法で変数を使用できる。

 

 

設定の構文チェック


構文チェックをtestparmコマンドで行うことができる。

globalセクション


Samba全体にわたる設定を行うセクション。
下記の設定はglobalセクションのみで記述できる。

workgroup


Sambaサーバが所属するワークグループ名もしくはドメイン名を指定する

workgroup = <グループ名>

 

netbios name


SambaサーバのNetBIOS名を指定する

netbios name = <NetBIOS名>

 

server string


サーバの説明文を記述する。ブラウジングの際にマウスオーバーで表示される。

server string = <サーバ説明文>

 

interfaces


Sambaによる接続を受け付けるインタフェースを指定する。

interfaces = <インタフェース名>|<インタフェースIPアドレス> [...]

 

hosts allow


接続を許可するホストを指定する。
このパラメータを設定した場合、許可されなかったホストは拒否される。
スペースで区切って複数記述できる。
192.168.と書くことで、192.168.0.0/16の範囲を許可することができる。

hosts allow = <ホスト> [...]

 

hosts deny


接続を拒否するホストを指定する。
このパラメータを設定した場合、拒否されなかったホストは許可される。

hosts deny = <ホスト> [...]

 

guest account


Guestとして利用するアカウント名を指定する
デフォルトは”nobody”アカウントとなる。

guest account = <アカウント名>

 

map to guest


Sambaユーザ認証ができなかった場合の挙動を指定する

map to guest = (Never|Bad User|Bad Password)

 

log file


ログファイルを指定する

log file

 

max log size


ログファイルの最大サイズをKB単位で指定する。
0の場合は制限がない。

max log size = <最大ログファイルサイズ>

 

encrypt passwords = (Yes|No)


YesとNoが指定でき、Yesの場合はNetBIOS認証をハッシュ値で行う方式にする。

encrypt passwords

 

smb passwd file


パスワード認証をsmbpasswd方式で行う場合のパスワードファイルを指定する

smb passwd file

 

unix password sync


YesかNoを記述し、SambaのパスワードとLinuxのパスワードを同期させるかどうかを指定する。
このパラメータを有効にする場合、passwd programパラメータを必ず設定する必要がある。

unix password sync = (Yes|No)

 

passwd program


Samba側でパスワードを変更した際に実行するプログラムを指定する。

passwd program = <パスワード変更プログラムパス>

passwd program = /usr/bin/passwd %u

 

passwd chat


Samba側でパスワードを変更した際の応答内容を記述する

passwd chat

 

username map


Linuxのユーザーを別のユーザー名にマッピングした内容を記述したファイルを指定する。
マッピングファイル内では、次の書式で記述する。

<Linuxユーザ名> = "<Windowsユーザ名>"

Windowsユーザ名は日本語にも対応できる。

username map

 

logon script


ログオン時に実行するスクリプトファイルを指定する

logon script

 

wins support


YesかNoで指定し、SambaサーバをWINSサーバとして動作させるときにYesとする

wins support

 

wins server


WINSサーバのIPアドレスを指定する

wins server

 

security


認証方法の設定

security = (user|share|server|domain|ads)

 

null passwords


!!廃止!!
YesかNoで指定し、空のパスワードの使用を許可・禁止する

null passwords = (Yes|No)

 

enable privileges


特定の権限をWindowsのSIDに割り当てる機能を有効にするかどうかを指定する。

 

 

 

unix extensions


UNIX拡張を利用するかどうかを制御する。
専らリンク(シンボリックリンク、ハードリンク)を使用可能にするために設定される。
Unix系クライアントからリンクを使用する場合はYesにし、Windows系クライアントからリンクを使用する場合はNoにすること。
ただし、リンクを使用する場合は「wide links」も有効にする必要がある。

 

 

個別セクション共通設定


globalセクション以降の個別の各セクション内で使用できる共通の設定項目が以下である。
globalセクション内でも設定可能である。

comment


コメント文。ブラウジングしたときに表示される。

browsable


YesかNoで指定し、ブラウジングしたときに表示されるかどうかを指定する。
ただし、共有名を直接指定するとアクセスすることは可能。
セクション名の最後に$を書くことでNoとするのと同様の効果が得られる。

 

 

writable/writeable


書き込み可能かどうかを指定する。
パラメータ”read only”の反対である。

 



read only


YesかNoで指定し、読み込み専用かどうかを指定する

 

 

path


共有ディレクトリのパスを指定する

 

force user


共有内に作成するファイル・ディレクトリのオーナーを指定する

 

force group


共有内に作成するファイル・ディレクトリのオーナーグループを指定する

 

write list


writableで書き込みできない状態の場合でも書き込みできるユーザ・グループを指定する

 

 

hide dot files


YesかNoで記述し、.で始まる名前のファイルやディレクトリを
表示しないようWindowsの隠しファイル属性を適用するかどうかを指定する。

hide files


表示させないファイル・ディレクトリを指定する。ただし、アクセスは可能。

veto files


表示させないファイル・ディレクトリを指定する。ただし、アクセスも不可。

create mask


ファイルに適用可能なパーミッションを指定する。
この値とDOSでの属性をUNIXのパーミッションに変換した値との論理積(AND)を
ファイルのパーミッションとする。
パーミッションを削除する場合に使用する。
デフォルトは0744。

create mask = <パーミッション>

 

directory mask


ディレクトリに適用可能なパーミッションを指定する。
この値とDOSでの属性をUNIXのパーミッションに変換した値との論理積(AND)を
ディレクトリのパーミッションとする。
パーミッションを削除する場合に使用する。
デフォルトは0755。

directory mask = <パーミッション>

 

force create mode


必ずファイルに適用されるパーミッションを指定する。
この値と”create mask”で算出された値との論理和(OR)が最終的なファイルのパーミッションとなる。
パーミッションを設定する場合に使用する。
デフォルトは0000。

force create mode = <パーミッション>

 

force directory mode


必ずディレクトリに適用されるパーミッションを指定する。
この値と”create mask”で算出された値との論理和(OR)が最終的なディレクトリのパーミッションとなる。
パーミッションを設定する場合に使用する。
デフォルトは0000。

force directory mode = <パーミッション>

 

valid users


アクセス可能なユーザ・グループを指定する

guest ok


YesかNoで記述し、Yesの場合はパスワード無しのゲストログインを許可する

guest ok = (Yes|No)

 

public


guest okと同じ

public = (Yes|No)

 

wide links


UNIXファイルシステム上のリンクをたどってアクセス可能かどうかを設定する。
リンクを有効にすると、不正なリンクファイルを配置することで意図しないパスにアクセス可能になるリスクがある。

 





homesセクション


Linuxユーザの各ホームディレクトリを一括して共有するためのセクション。
SambaにログインしたユーザがLinuxに存在する場合、そのホームディレクトリが利用可能となる。

printers


共有プリンタに関する設定を行います。

printable




print ok


このパラメーターはprintableパラメーターの別名である


lmhosts


Windowsネットワーク上にてホストのNetBIOS名とIPアドレスの名前解決のために使われるファイル。
WINSサーバで名前解決が出来なかった際にlmhostsファイルが使用される。
通常以下のパスに存在する。

/etc/samba/lmhosts

 

 

Sambaクライアント


LinuxからSambaサーバへアクセスし、Windowsネットワークを利用するにはSambaクライアントを利用する。

smbclientコマンド


Sambaクライアントとして利用できるコマンド。

 


接続が成功すると対話式で操作を行う。
以下のサブコマンドが使用可能である。
なお、テキストファイルを直接読み出すサブコマンドは無い。



マウントして利用

 

smbmount \\<サーバ名>\<共有名> <マウントポイント> [-o <オプション>]

 


Notice: Trying to get property 'queue' of non-object in /usr/local/wordpress/wp-includes/script-loader.php on line 2876

Warning: Invalid argument supplied for foreach() in /usr/local/wordpress/wp-includes/script-loader.php on line 2876