License

Copyright (C) 2008-2017 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: File-Server - Samba for Gentoo Linux

Here is my configuration for the classic file server Samba. With this service you can access your shares from Windows, Linux and other operating systems that support the CIFS protocol. With the homes share you can share the home directories of your users over the network.
Do you want to use OpenLDAP for Samba authentication? Then you should first finish the OpenLDAP Howto.
If you don't use OpenLDAP, you have to create an additional password file for your Samba users with the following commands:

smbpasswd -a user1
smbpasswd -a user2
The usernames have to be identical to your system user names. This is necessary for mapping the UIDs to the Samba users.

If you want to use this solution you need the following howto(s) finished:

Required software

The required software has to be installed with the following command(s):
emerge net-fs/samba

Changes in /etc/openldap/samba.ldif

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/openldap/samba.ldif

Changed on 28.05.09
Issued by olli
Beginning line 1

This is only needed when you want to authenticate Samba over LDAP.
Create the encrypted password (userPassword) with:

slappasswd
and then insert this file with
ldapadd -x -D cn=Manager,dc=example,dc=com -W -f /etc/openldap/samba.ldif
once slapd has been started. This creates an administrative user for Samba, which is needed e.g. for changing the passwords of the users over Samba.

dn: cn=smbadmin,ou=SystemUsers,ou=People,dc=example,dc=com
givenName: Samba
sn: Administrator
uid: smbadmin
cn: smbadmin
userPassword: XXXXXXXXXXXXXXXXXXXXXXXX
objectClass: inetOrgPerson
objectClass: top

Changes in /etc/openldap/slapd.conf

File permissions:
Owner: root
Group: ldap
Permissions: -rw-r-----

Click here for a download of the complete file: /etc/openldap/slapd.conf

Changed on 19.02.10
Issued by olli
Beginning line 17

If you want to use LDAP data for Samba, you need to include this schema:

include         /etc/openldap/schema/samba.schema

Changes in /etc/pam.d/system-auth

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/pam.d/system-auth

Changed on 20.05.09
Issued by olli
Beginning line 20

Sync a user password changed with the passwd command to the Samba password, if the user exists in Samba:

password        sufficient      pam_smbpass.so use_authtok nullok use_first_pass

Changes in /etc/samba/smb.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/samba/smb.conf

Changed on 10.09.08
Issued by olli
Beginning line 1

This is the global part of the Samba configuration file. You should edit the following options for your environment:

[global]
   workgroup = GABOSHNET
   netbios name = gabosh
   server string = gabosh
   #log file = /var/log/samba/samba.log
   #log level = 0
   security = user
   encrypt passwords  = true
   pam password change = yes
   unix password sync = yes
   smb passwd file = /etc/samba/smbpasswd
   interfaces = br0
   unix charset = UTF-8
   display charset = UTF-8
   case sensitive = yes
   create mask = 750
   directory mask = 750
   follow symlinks = yes
   wide links = no
   unix extensions = no
   hide unreadable = yes
   hide dot files = yes
   socket options = TCP_NODELAY IPTOS_LOWDELAY

Changed on 28.05.09
Issued by olli
Beginning line 27

This is the LDAP global part of the Samba configuration file. Use this only if you want to authenticate over LDAP. For this you need a working LDAP server. Have a look at the OpenLDAP Howto.
The goal of this is that you don't have to add users with "smbpasswd" and don't have to change a password twice if you have the same Users for Windows and Linux.
You should edit the following options for your environment:

   # How to connect to the LDAP-Server
   passdb backend = ldapsam:ldap://127.0.0.1:389/
   # The Base DN
   ldap suffix = dc=example,dc=com
   # The LDAP path to computer, user and group accounts
   ldap machine suffix = ou=Computers
   ldap user suffix = ou=People
   ldap group suffix = ou=Group
   # This is the Samba admin user.
   # This account is needed e.g. for changing passwords of the users.
   # You should give the smbadmin user appropriate rights in slapd.conf for doing this.
   # Finally, you have to add the smbadmin password to your Samba.
   # This is needed so that Samba can authenticate as smbadmin against LDAP.
   # You have to create this user in LDAP too. See: http://doc.example.com/howto_OpenLDAP.html
   # To make the smbadmin password known to Samba use "smbpasswd -W" after you have written this config.
   ldap admin dn = cn=smbadmin,ou=SystemUsers,ou=People,dc=example,dc=com
   ldap delete dn = no
   # This is for password synchronisation between the Unix and the Samba password in LDAP. 
   # So if you change your Samba password over smbpasswd or Windows this option changes your Unix/Linux password too.
   ldap password sync = yes

Changed on 10.09.08
Issued by olli
Beginning line 50

Here are some share definitions.
"homes" is for serving the users home directories, "share" is a share for every valid system user.

[homes]
   comment = Private Verzeichnisse
   browseable = no
   writable = yes
   valid users = @users

[share]
   comment = Share
   path = /srv/share
   guest ok = no
   writable = yes
   printable = no
   browseable = no
   valid users = @users
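
An added check, not part of the original howto: it parses an smb.conf and reports shares that drop the restrictions used in the definitions above (valid users set, guest access off, wide links off). The function names, the [scratch] share and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the howto's code; audit_shares/sample_conf are illustrative names.

# audit_shares FILE: print one line per finding, return 1 if any was found
audit_shares() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function report(msg) { print "[" sec "] " msg; bad = 1 }
    function finish() {                        # called when a section ends
        if (sec == "" || sec == "global") return
        if (!("validusers" in opt)) report("no valid users restriction")
        if (opt["guestok"] ~ /^(yes|true|1)$/) report("guest access enabled")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
    /^[ \t]*\[/ {                              # section header
        finish(); split("", opt)
        sec = tolower(trim($0)); sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # Samba ignores case and spaces in parameter names
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        if (key == "public") key = "guestok"   # synonym of "guest ok"
        val = tolower(trim(substr($0, eq + 1)))
        opt[key] = val
        if (key == "widelinks" && val ~ /^(yes|true|1)$/) report("wide links enabled")
    }
    END { finish(); exit bad }
    ' "$1"
}

# Constructed sample: the howto's two shares plus one deviating share
sample_conf() {
    cat <<'EOF'
[global]
   wide links = no
[homes]
   valid users = @users
[share]
   guest ok = no
   valid users = @users
[scratch]
   public = yes
EOF
}

demo_conf=$(mktemp)
sample_conf >"$demo_conf"
audit_shares "$demo_conf" || echo "review the findings above"
rm -f "$demo_conf"
```

Run `audit_shares /etc/samba/smb.conf` to check the live configuration; an empty output and exit status 0 mean every share keeps the restrictions.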

Changes in /etc/security/limits.d/samba.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/security/limits.d/samba.conf

Changed on 18.06.10
Issued by olli
Beginning line 1

Allow 16384 open files. This prevents the following warning: rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)

* - nofile 16384 

Changes in /usr/local/sbin/smbwatch

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /usr/local/sbin/smbwatch

Changed on 02.03.11
Issued by olli
Beginning line 2

This is a daemon which sends an e-mail when a user logs in.

#!/usr/bin/perl -w

# Load modules
use strict;
use File::Tail;
use Proc::Daemon;
use File::Basename;

# Stop running daemon if exists
my $me=basename("$0");
if (-f "/var/run/$me") {
 open(PID, "</var/run/$me");
 my $pid=<PID>;
 close(PID);
 $pid="" unless defined($pid);
 chomp($pid);
 # Only signal a numeric PID; an empty value would address the own process group
 if ($pid =~ /^\d+$/ && -d "/proc/$pid") {
  print "Killing old daemon with PID: $pid\n";
  kill 9, $pid;
 }
}

# Daemonize
Proc::Daemon::Init();

# Write PID file
open(PID, ">/var/run/$me");
print PID $$;
close(PID);

# The address where notification mails should go to
my $mailto='mail@example.com';
# Target logfile
my $logfile="/var/log/samba/samba.log";

# Send a notification mail. The list form of open() runs mail directly,
# without a shell, so names taken from the log are passed as plain text
# and are never interpreted as shell syntax.
sub notify {
 my ($subject, $body)=@_;
 open(my $mail, "|-", "mail", "-s", $subject, $mailto) or return;
 print $mail "Hi,\n\n", $body, "\nYour $0 [", $$, "]\n";
 close($mail);
}

# Collapse runs of spaces, drop brackets, leading blanks and the newline
sub clean {
 my ($line)=@_;
 chomp($line);
 $line=~s/  +/ /g;
 $line=~s/\[//g;
 $line=~s/\]//g;
 $line=~s/^ +//;
 return $line;
}

my $file=File::Tail->new(name => $logfile, maxinterval => 1, adjustafter => 1, reset_tail => 0);
while (defined(my $line=$file->read)) {
 # Login: field 4 of the cleaned line is the user name
 if ($line =~ /authentication for user/) {
  $line=clean($line);
  my $smbstatus=`smbstatus`;
  my @line=split(/ /,$line);
  notify("SMBWATCH: $line[4] is logging in",
   "$line[4] is logging in:\n$smbstatus\n$line\n");
 }

 # Logout: field 0 is the client, field 6 the service
 if ($line =~ /closed connection/) {
  $line=clean($line);
  my $smbstatus=`smbstatus`;
  my @line=split(/ /,$line);
  notify("SMBWATCH: $line[0] is closing the connection to service $line[6]",
   "$line[0] is closing the connection to service $line[6]:\n\n$line\n$smbstatus\n");
 }
 $line="";
}

Setting up services

For starting the new service after system reboot you should add it to a runlevel with the following command(s):

rc-update add samba 
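
An added check, not part of the original howto: it compares owner, group and mode of the files edited in this howto with the values listed in each "File permissions" block. It assumes GNU stat (coreutils); check_perm and audit_howto_files are illustrative names.

```shell
#!/bin/sh
# Added example, not part of the howto: compare owner, group and mode of the
# files edited above with the values in each "File permissions" block.
# Assumes GNU stat (coreutils); function names are illustrative.

# check_perm FILE OWNER GROUP MODE: 0 = match, 1 = mismatch, 2 = missing
check_perm() {
    file=$1 want="$2:$3:$4"
    if [ ! -e "$file" ]; then
        echo "MISSING   $file"
        return 2
    fi
    have=$(stat -c '%U:%G:%a' "$file")
    if [ "$have" = "$want" ]; then
        echo "OK        $file ($have)"
        return 0
    fi
    echo "MISMATCH  $file is $have, howto lists $want"
    return 1
}

# audit_howto_files [ROOT]: check every file of the howto below ROOT
# (ROOT defaults to the live system); returns 1 if any check failed
audit_howto_files() {
    root=${1:-} rc=0
    while read -r path owner group mode; do
        check_perm "$root$path" "$owner" "$group" "$mode" || rc=1
    done <<EOF
/etc/openldap/samba.ldif root root 644
/etc/openldap/slapd.conf root ldap 640
/etc/pam.d/system-auth root root 644
/etc/samba/smb.conf root root 644
/etc/security/limits.d/samba.conf root root 644
/usr/local/sbin/smbwatch root root 755
EOF
    return $rc
}

audit_howto_files || echo "some files differ from the howto"
```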

Please send feedback to: doc<at>gabosh.net
