e.v.o
Light Guard
Hi gals,
once again I'm facing the seemingly impossible task of implementing my requirements...
Maybe you can help me with the config?
> users evo, guest and XXX exist in the system and in Samba
- /mnt/raid should be read-ONLY for everyone on the LAN without password/username (done > map to guest, but quite a hassle with security = share)
- /mnt/.encfs/ should be visible and editable only for the admin user (evo)
- /home/guest should be writable for everyone, so all users should automatically be logged in as guest, even if no name/password was entered (map to user/guest?)
- user evo may do everything.. obviously, right? ;>
- security should stay on user, since share should no longer be used and is marked as deprecated...
well.. it's not easy to cope with this beast. I'm close to despair and it's just hugely annoying to sit for ages on such piddling crap. ^^ :hammer:
[EDIT]
I've uploaded my config for anyone interested. It should actually contain all the options needed for everyday use and a bit beyond.
Code:
#smb.conf
#
# Samba-3.0.30 - Slackware 12.x
#
#; COMMENT
# #PARAMETER ( name = default value )
# Normally every parameter should have its default value.
# If the parameter is commented out then it is the default value,
# otherwise you should have a look at "man smb.conf"
#
# This config is based on the smb.conf manual page
# and "Using Samba, 3rd Edition" from O'Reilly
#
# VARIABLE SUBSTITUTIONS
; %U session username
; %G primary group name of %U
; %h the Internet hostname that Samba is running on
; %m the NetBIOS name of the client machine (very useful)
; %L the NetBIOS name of the server
; %M the Internet name of the client machine
; %R the selected protocol level after protocol negotiation
; %d the process id of the current server process
; %a the architecture of the remote machine
; %I the IP address of the client machine
; %i the local IP address to which a client connected
; %T the current date and time
; %D name of the domain or workgroup of the current user
; %w the winbind separator
; %v Samba version number
;
; The following substitutes apply only to some configuration options
; Only those that are used when a connection has been established
;
; %S the name of the current service, if any
; %P the root directory of the current service, if any
; %u username of the current service, if any
; %g primary group name of %u
; %H the home directory of the user given by %u
; %N the name of your NIS home directory server
; %p the path of the service's home directory
[global]
; Parameters in this section apply to the server as a whole
; ### USERSHARES ### # Capability for non-root users to
; ==================== # add/modify/delete own share definitions
;
; Controls if usershares can permit guest access
#usershare allow guests =
; Maximum number of user defined shares allowed
#usershare max shares =
; If set only directories owned by the sharing user can be shared
#usershare owner only =
; Directory containing the user defined share definitions
#usershare path =
; Comma-separated list restricting what directories can be shared
#usershare prefix allow list =
; Comma-separated list restricting what directories can be shared
#usershare prefix deny list =
; Pre-existing share used as a template for creating new usershares
#usershare template share =
; ### NAME MANGLING ### # By default, Samba has the same
; ======================= # semantics as a Windows NT server
;
; Filenames are case sensitive
#case sensitive = auto
; Default case for new filenames
#default case = lower
; New files are created with the case that the client passes
#preserve case = yes
; New files which conform to 8.3 syntax are created upper case
#short preserve case = yes
; ### PRINTING ###
; ==================
;
; All printers in the printcap will be loaded for browsing by default
load printers = no
; Only applicable if printing is set to cups.
#cups server = ""
; Show the "Add Printer Wizard" Dialog
show add printer wizard = no
; Yes = open, write to and submit spool files on the specified directory
printable = no
; ===============================
; # - S E T T I N G S - #
; ===============================
; \-= USER SCRIPTS =-/ # These scripts are used on a PDC or stand-alone
; ==================== # machine to add or delete corresponding unix accounts
; Script that will be run when a new group is requested
#add group script = /usr/sbin/groupadd %g
; Script that will be run when a machine is added to Samba's domain
#add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; Script which will add a new service definition to smb.conf
#add share command =
; Script which will add a new user
#add user script = /usr/sbin/useradd %u
; Script that will be called when a user is added to a group
#add user to group script =
; Script which will modify an existing service definition in smb.conf
#change share command =
; Script when a group is requested to be deleted
#delete group script =
; Script when a user is removed from a group using the Windows NT domain administration tools
#delete user from group script = /usr/sbin/deluser %u %g
; Script that will be run when managing users with remote RPC (NT) tools
#delete user script = /usr/local/samba/bin/del_user %u
; Script that will be run under special circumstances
#rename user script = no
; This script sets the primary group in the unix user database when an administrator sets the
; primary group from the windows user manager or when fetching a SAM with net rpc vampire
#set primary group script = /usr/sbin/usermod -g '%g' '%u'
; \-= PERMISSION MASKS =-/
; ========================
#directory mask = 0755
#directory security mask = 0777
#force create mode = 000
#force directory mode = 000
#force directory security mode = 0
#force security mode = 0
#inherit owner = no
#inherit permissions = no
#security mask = 0777
; \-= USER PARAMETER =-/
; ======================
; List of users who will be granted administrative privileges on the share
admin users = evo
; This is a list of users that should be allowed to login to this service
valid users = evo guest
; This is a list of users that should not be allowed to login to this service
invalid users = root nobody ftp
; This is a list of users that are given read-only access to a service
read list = evo guest
; This is a list of users that are given read-write access to a service
write list = evo
; -= Guest Settings =-
; Username which will be used for access to services which are specified as guest ok
guest account = guest
; Yes for a service, then no password is required to connect to the service
guest ok = no
; Yes for a service, then only guest connections to the service are permitted
guest only = no
; -= Forced User/Group Settings =-
; UNIX user name that will be assigned as the default user for all users
;force user = guest
; UNIX group name that will be assigned as the default primary group for all users
force group = users
; -= Map Settings =-
; Specify a file containing a mapping of usernames from the clients to the server
#username map =
;
#map acl inherit = no
#map archive = yes
#map hidden =
#map read only = yes
#map system = no
map to guest = Bad User
; \-= SHARE PARAMETER =-/
; =======================
; Lets you "turn off" a service. If available = no, then ALL attempts to connect to the service will fail
available = yes
; Controls whether this share is seen in the list of available shares in a net view and in the browse list
browseable = yes
; Allow or disallow client access to accounts that have null passwords
#null password = no
; If this parameter is yes, then users of a service may not create or modify files in the service's directory
read only = yes
; Setting this parameter to no prevents any file or directory that is a symbolic link from being followed
follow symlinks = no
; This parameter controls whether or not links in the UNIX file system may be followed by the server
wide links = no
; This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found
#default service =
; This parameter allows you to specify a comma-delimited list of directories that the server should always show as empty
dont descend = /proc,/dev,/etc,/var,/boot,/bin,/lib,/usr,/sys,/srv,/sbin
; -= Hide Files =-
; This is a boolean parameter that controls whether files starting with a dot appear as hidden files
#hide dot files = yes
; This is a list of files or directories that are not visible but are accessible
#hide files =
; This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings
#hide special files = no
; This parameter prevents clients from seeing the existence of files that cannot be read
#hide unreadable = no
; This parameter prevents clients from seeing the existence of files that cannot be written to
#hide unwriteable files = no
; \-= WINDOWS PARAMETER =-/
; =========================
; Specifies the charset that samba will use to print messages to stdout and stderr
#display charset = "LOCALE" or "ASCII" (depending on the system)
; This option specifies which charset Samba should talk to DOS clients
#dos charset = # No default
; Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions
#dos filemode = no
; \-= NETWORK/CONNECTION PARAMETER =-/
; ====================================
; This controls what workgroup your server will appear to be in when queried by clients
workgroup = KlingKlang
; This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view
server string = FileDealer
; This sets the NetBIOS name by which a Samba server is known
netbios name = FileDealer
#netbios aliases =
; -= Interface Settings =-
; This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service
hosts allow = 127.0.0.1 192.168.
hosts deny = ALL
; -= Connection Options =-
; Represents the number of minutes of inactivity before a connection is considered dead and disconnected
#deadtime = 0
; The value of the parameter (an integer) represents the number of seconds between keepalive packets
#keepalive = 300
; This option allows the number of simultaneous connections to a service
#max connections = 0
; This option allows you to set socket options to be used when talking with the client
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
; \-= OTHER PARAMETER =-/
; =======================
security = user
; Enabling this parameter will disable netbios support in Samba
#disable netbios = no
; -= SMBpasswd Settings =-
; This option allows the administrator to choose which backend will be used for storing user and possibly group information
#passdb backend = smbpasswd:/etc/samba/private/smbpasswd
; This option sets the path to the encrypted smbpasswd file
#smb passwd file = ${prefix}/private/smbpasswd
; -= Directory Settings =-
; This option specifies the directory where lock files will be placed
#lock directory = ${prefix}/var/locks
; This parameter defines the directory smbd will use for storing such files as smbpasswd and secrets.tdb
#private dir = ${prefix}/private
; -= Log File Settings =-
; This option allows you to override the name of the Samba log file
log file = /var/log/samba/samba.%m
; This option (an integer in kilobytes) specifies the max size the log file should grow to
max log size = 5000
; Using the following line enables you to customise your configuration on a per machine
; basis. The %m gets replaced with the netbios name of the machine that is connecting.
; Note: Consider carefully the location in the configuration file of
; this line. The included file is read at that point.
#include = /etc/samba/smb.conf.%m
; ===========================
; # - S H A R E S - #
; ===========================
[homes]
comment = Eigene Dateien
guest ok = yes
read only = no
browseable = no
[printers]
comment = Drucker
path = /var/spool/samba
browseable = no
available = no
guest ok = no
printable = yes
[BitHalde]
comment = 3TB
path = /mnt/raid
guest ok = yes
read only = yes
If you only want to see the parameters you actually use:
run testparm and you should get the following output, without errors:
Code:
[global]
workgroup = KLINGKLANG
server string = FileDealer
map to guest = Bad User
guest account = guest
log file = /var/log/samba/samba.%m
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
load printers = No
show add printer wizard = No
invalid users = root, nobody, ftp
valid users = evo, guest
admin users = evo
read list = evo, guest
write list = evo
force group = users
hosts allow = 127.0.0.1, 192.168.
hosts deny = ALL
wide links = No
follow symlinks = No
dont descend = /proc,/dev,/etc,/var,/boot,/bin,/lib,/usr,/sys,/srv,/sbin
[homes]
comment = Eigene Dateien
read only = No
guest ok = Yes
browseable = No
[printers]
comment = Drucker
path = /var/spool/samba
printable = Yes
browseable = No
available = No
[BitHalde]
comment = 3TB
path = /mnt/raid
guest ok = Yes
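
Added example, not part of the original post: a small checker that applies the user-list rules documented in smb.conf(5) to the testparm output above and reports what each account can actually do on a share, so the result can be compared with the requirements listed at the top. The names `SAMPLE`, `parse` and `effective_access` are hypothetical; the model is simplified and assumes plain user names (no `@group` entries) and only the `read only` spelling of that parameter.

```python
import re

# Constructed sample: the access-relevant lines of the testparm output above.
SAMPLE = """
[global]
invalid users = root, nobody, ftp
valid users = evo, guest
admin users = evo
read list = evo, guest
write list = evo
[homes]
read only = No
guest ok = Yes
[BitHalde]
path = /mnt/raid
guest ok = Yes
"""

def parse(text):
    """Return {section: {param: value}} with lower-cased section and param names."""
    conf, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = conf.setdefault(m.group(1).lower(), {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            cur[" ".join(key.lower().split())] = val.strip()
    return conf

def effective_access(text, share, user):
    """Simplified model of the list rules documented in smb.conf(5)."""
    conf = parse(text)
    # Share-level parameters set in [global] act as defaults for every share.
    p = {**conf.get("global", {}), **conf.get(share.lower(), {})}
    names = lambda k: set(re.split(r"[,\s]+", p.get(k, "").lower())) - {""}
    u = user.lower()
    if u in names("invalid users"):
        return "denied"
    if names("valid users") and u not in names("valid users"):
        return "denied"
    if u in names("write list"):
        return "read-write"   # write list wins over read list and read only
    if u in names("read list"):
        return "read-only"    # read list wins over "read only = no"
    ro = p.get("read only", "yes").lower() in ("yes", "true", "1")
    return "read-only" if ro else "read-write"
```

Run against the posted settings, the global `read list = evo, guest` keeps the guest account read-only even in `[homes]`, where `read only = No` is set, while the global `write list = evo` makes `/mnt/raid` writable for evo.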