russel053/ 十一月 17, 2017/ 未分類

安裝:

apt install samba samba-common

設定目錄:

nano /etc/samba/smb.conf

設定範例:

[global]
workgroup = workgroup
security = user

[DATA]
path = /RAID/DATA
valid users = root
guest ok = no
writable = yes
browsable = yes

[BT]
path = /RAID/BT
browsable =yes
writable = yes
guest ok = yes

新增使用者:

smbpasswd -a 使用者名稱

重啟SAMBA服務:

service smbd restart

央行總裁中文smb設定擋:

#底下設定檔為 samba 4.2.10版
[global]
#====== 修正中文問題=====
dos charset = CP950
#SMB 對外送出資料時,要自動轉換的編碼 (CP950=Big5)
unix charset = UTF8 
#本機 Linux 主機所使用的編碼 (與 /etc/sysconfig/i18n 相同)
#display charset = UTF8 
#smb4版已無上面這個參數
#以上設定可以讓你存放簡體中文的檔名
#====== 修正中文問題=====


workgroup = WORKGROUP
#工作群組,這裡保留預設值即可,不用特別去改它,除非你知道你的工作群組跟別人不一樣
dns proxy = no
#是否啟用 DNS 快取服務 (yes、no)

#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
# 紀錄檔儲存位置 (檔名不固定,需使用變數 %m.log)
max log size = 1000
# 紀錄檔最大容量 (KBytes)

#syslog only = no
#若你想要 Samba 將 log 寫入,改將上面的參數改為 'yes'.

syslog = 0
panic action = /usr/share/samba/panic-action %d


####### 認證 Authentication #######
# Server role. 定義 Samba 運作方式,可用選項有: "standalone server", "member server", "classic primary domain controller", 
# "classic backup domain controller", "active directory domain controller"
# 大部份人都用 "standalone sever" or "member server". 即可
   server role = standalone server

# 若你使用加密密碼,須指定資料庫的格式  
   passdb backend = tdbsam
   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<[email protected]> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = bad user

########## Domains ###########

############ Misc ############

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 (default) means that usershare is disabled.
;   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones

#   usershare allow guests = yes
    usershare allow guests = no

#======================= Share Definitions =======================

#[homes]
#   comment = Home Directories
#   browseable = no
#   read only = yes
#   create mask = 0700
#   directory mask = 0700
#   valid users = %S

[homes]
comment = 個人家目錄
browseable = no
read only = no
create mask = 0600
directory mask = 0700
valid users = %S
# %S:代表所有人皆可進入,且目錄名稱會被自動替換成 user 名稱,用於家目錄。
#以上的設定你必須要先建好linux底下的帳號和samba底下的帳號並建好他們的家目錄,這樣他們登入時就可自動對應到自己的家目錄裡面去了。


# 使用者第一次登入時就可自動建立他們自己的 profiles 資料夾
# 但前提是你得先將你的 Samba 設定為 domain controller
# 底下的路徑必須是所有使用者都能寫入的權限
;[profiles]
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700


[music]
comment = 音樂純下載,不能上傳或修改
path = /home/music
browseable = no
# ↑ 此分享的資料夾不可見(即隱藏)
read only = yes
guest ok = yes

[musicX]
comment = 使用帳密登入可修改
path = /home/music
browseable = no
read only = no
guest ok = no
create mask = 0664
directory mask = 0775
#上面的權限設定是指建檔案和目錄時,別人都可讀
#即chmod 664 file, 和 chmod 775 目錄

[share1]
comment = 誤刪檔案可救回
path = /vic1/smb/share1
browseable = yes
read only = no
guest ok = yes
hosts deny = ALL
#鎖定所有IP,只開放底下網段連入
hosts allow = 127.0.0.1 192.168.10.0/24 
#網路資源回收筒,可避免誤刪
vfs objects = recycle
recycle:versions = 1
recycle:keeptree = 1
#需指定刪除的檔案所存放的目錄,建議同一個分割區,並定期要來清空,否則空間會不夠用
recycle:repository = /vic1/smb/recycle


[recycle]
#comment = 使用帳密登入可修改
path = /vic1/smb/recycle
browseable = no
# ↑ 此分享的資料夾不可見(即隱藏)
read only = no
guest ok = yes
Share this Post