t-okkn/samba.md

## samba.md

      
    Raw
  

              samba.md
            
          
    SAMBAサーバの設定手順

パスワードなしのLocal接続専用のSAMBAサーバを作成します。
■前提

Arch Linuxにて検証した手順になります。

※「{{ }}」にて囲まれている部分は変数を表します（Jinja2などのテンプレートエンジンでもレンダリング可能なようにしてあります）。
■手順


SAMBA をインストール
$ sudo pacman -S samba


SAMBA 設定ファイルを作成
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org
$ curl -sS https://gist.githubusercontent.com/t-okkn/f74e225be92c0418604288a4de35560a/raw/9529c3c6969d37b6558338a310e0a24ad765d7a0/smb.conf | sudo tee /etc/samba/smb.conf


パラメータの調整

{{ WorkGroup }}, {{ ServerString }}, {{ UnixUser }}, {{ Path }} の各パラメータを入力してください。

$ sudo vi /etc/samba/smb.conf


パラメータの正当性チェック
$ sudo testparm


SAMBA サーバの起動
$ sudo systemctl enable --now smb
$ sudo systemctl enable --now nmb


## smb.conf
#======================= Global Settings =====================================
[global]

# My setting
   unix charset = UTF-8
   dos charset = CP932

   mangled names = no
   vfs objects = catia
   catia:mappings = 0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = {{ WorkGroup }}

# server string is the equivalent of the NT Description field
   server string = {{ ServerString }}

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.0. 127. EXCEPT 192.168.0.254

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
  guest account = {{ UnixUser }}
  security = user
  map to guest = Bad User

# Encrypt Data
  smb encrypt = no

# Samba Minimal Protocol
  min protocol = SMB2

# Printer Setting
  load printers = no
  printing = bsd
  printcap name = /dev/null

# Debug logging information
  log level = 2
  debug timestamp = yes

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 10000

# Specifies the Kerberos or Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should-
# use either tdbsam or ldapsam. smbpasswd is available for backwards-
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24-

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no


#============================ Share Definitions ==============================
;[homes]
;   comment = Home Directories
;   browseable = no
;   writable = yes

# Guest users are allowed all actions.
[Public]
   comment = Public
   path = {{ Path }}
   browseable = yes
   guest ok = yes
   writable = yes
   create mask = 0644
   directory mask = 0775
   vfs objects = recycle
   recycle:repository = .recycle
   recycle:keeptree = no
   recycle:versions = yes
   recycle:touch = no
   recycle:maxsize = 0
   recycle:exclude = *.tmp ~$*
;   printable = no
	#======================= Global Settings =====================================
	[global]

	# My setting
	unix charset = UTF-8
	dos charset = CP932

	mangled names = no
	vfs objects = catia
	catia:mappings = 0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6

	# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
	workgroup = {{ WorkGroup }}

	# server string is the equivalent of the NT Description field
	server string = {{ ServerString }}

	# Server role. Defines in which mode Samba will operate. Possible
	# values are "standalone server", "member server", "classic primary
	# domain controller", "classic backup domain controller", "active
	# directory domain controller".
	#
	# Most people will want "standalone server" or "member server".
	# Running as "active directory domain controller" will require first
	# running "samba-tool domain provision" to wipe databases and create a
	# new domain.
	server role = standalone server

	# This option is important for security. It allows you to restrict
	# connections to machines which are on your local network. The
	# following example restricts access to two C class networks and
	# the "loopback" interface. For more examples of the syntax see
	# the smb.conf man page
	; hosts allow = 192.168.0. 127. EXCEPT 192.168.0.254

	# Uncomment this if you want a guest account, you must add this to /etc/passwd
	# otherwise the user "nobody" is used
	guest account = {{ UnixUser }}
	security = user
	map to guest = Bad User

	# Encrypt Data
	smb encrypt = no

	# Samba Minimal Protocol
	min protocol = SMB2

	# Printer Setting
	load printers = no
	printing = bsd
	printcap name = /dev/null

	# Debug logging information
	log level = 2
	debug timestamp = yes

	# this tells Samba to use a separate log file for each machine
	# that connects
	log file = /var/log/samba/log.%m

	# Put a capping on the size of the log files (in Kb).
	max log size = 10000

	# Specifies the Kerberos or Active Directory realm the host is part of
	; realm = MY_REALM

	# Backend to store user information in. New installations should-
	# use either tdbsam or ldapsam. smbpasswd is available for backwards-
	# compatibility. tdbsam requires no further configuration.
	; passdb backend = tdbsam

	# Using the following line enables you to customise your configuration
	# on a per machine basis. The %m gets replaced with the netbios name
	# of the machine that is connecting.
	# Note: Consider carefully the location in the configuration file of
	# this line. The included file is read at that point.
	; include = /usr/local/samba/lib/smb.conf.%m

	# Configure Samba to use multiple interfaces
	# If you have multiple network interfaces then you must list them
	# here. See the man page for details.
	; interfaces = 192.168.12.2/24 192.168.13.2/24-

	# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
	# via DNS nslookups. The default is NO.
	dns proxy = no


	#============================ Share Definitions ==============================
	;[homes]
	; comment = Home Directories
	; browseable = no
	; writable = yes

	# Guest users are allowed all actions.
	[Public]
	comment = Public
	path = {{ Path }}
	browseable = yes
	guest ok = yes
	writable = yes
	create mask = 0644
	directory mask = 0775
	vfs objects = recycle
	recycle:repository = .recycle
	recycle:keeptree = no
	recycle:versions = yes
	recycle:touch = no
	recycle:maxsize = 0
	recycle:exclude = .tmp ~$
	; printable = no