Could someone share a Samba configuration that actually works?

chinaz
Posts: 238
Joined: 2007-02-07 9:23

#1

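Post by chinaz » 2023-08-22 23:01

System: Debian 12.1 with the MATE desktop environment
Samba version: 4.17

What I am trying to achieve:
Share the folder "/home/user/公共" on the LAN, using "公共" as the share name.
The requirement is that, on the LAN, I open the Samba host in a file manager, double-click "公共" in the list, and it opens directly without entering a username or password, and files and folders can be read and written freely. Or, to take it to the extreme, ignore security entirely; it just has to work.

I first tried carrying over the smb.conf that works fine on Debian 11. The Samba service runs normally, but accessing "公共" from the LAN reports a parameter error and it will not open.
After that I modified smb.conf following a lot of configuration articles from the web, and none of them worked. When accessing "公共" from the LAN, I get either a parameter error or a permission error, or anonymous access fails, or it keeps asking for a username and password and still will not open the "公共" share. In short, nothing works.

From Debian 9 through Debian 11 I ran into all sorts of problems with sharing on each version, and searching always solved them in the end, but this time I am really out of ideas...

I have consulted the following articles (among others), and none of them solved the problem.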
https://blog.csdn.net/u011393891/articl ... /113407047
https://juejin.cn/post/7015091282087264292
https://juejin.cn/post/7246328984384028727
https://blog.csdn.net/hui872370036/arti ... s/45247011
https://blog.csdn.net/u012207077/articl ... nt_index=4
https://forum.ubuntu.org.cn/viewtopic.php?t=492777
https://forum.ubuntu.org.cn/viewtopic.p ... 8#p3222078
https://orcacore.com/install-samba-file ... debian-12/

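Could someone on the forum give me a configuration that works? Thanks!
Unmoved by favor or disgrace, idly watching the flowers bloom and fall in the courtyard; indifferent to staying or leaving, drifting with the clouds as they roll and unroll across the sky.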
ghome9
Posts: 54
Joined: 2023-01-11 11:12
System: ubuntu22.04

#2

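Post by ghome9 » 2023-08-23 15:46

I'm a newbie, just bumping the thread. One question, though: have you changed the folder permissions to 776 or 777?
Also, would you mind posting the contents of your CONF file as well (with passwords and the like masked)? That makes it easier for the experts to look at the specifics.
Let me say it loudly: "I'm a newbie, I'm an ordinary netizen"; so my posts will contain mistakes and will not reflect the latest techniques. Please judge for yourself!
Armor on! In the end, just take it as a bit of fun!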

#3

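Post by chinaz » 2023-08-26 9:12

The system environment is Debian 12.
The Samba configuration follows the first variant in the link below:
https://wiki.samba.org/index.php/Settin ... .conf_File
The only difference is the share path; I pointed it directly at a folder that already exists on the system:
/home/user/公共
I also set the permissions as loose as they go:
sudo chmod 777 -R /home/user/公共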
====================
[global]
map to guest = Bad User
log file = /var/log/samba/%m
log level = 1
server role = standalone server

[guest]
# This share allows anonymous (guest) access
# without authentication!
path = /home/user/公共
read only = no
guest ok = yes
guest only = yes
======================
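The current situation: on another computer, I enter the IP address in the file manager
smb://172.48.175.45/
and the shared folder "guest" is shown. As I intended, double-clicking it should take me straight into the folder,
but when I double-click to open it, a dialog pops up saying a password is required, with two options.
One is "Anonymous"; clicking Connect reports that the location cannot be mounted... insufficient permissions.
The other is "Registered user"; after entering the current user's username and password, the error is the same as above.

I don't know where the problem is.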

#4

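Post by chinaz » 2023-08-26 21:19

I consulted two more articles, deleted the old configuration entirely, wrote a new one from scratch, and it finally works. I am posting it here as a note; anyone who can use it is welcome to refer to it.
https://wiki.archlinuxcn.org/wiki/Samba ... irect%3Dno
https://blog.csdn.net/nwpushuai/article ... s/81539260

The cause of the problem seems to be related to the permissions of the share path: although both have 777 permissions, "/home/user/公共" would not work no matter what I did, while "/temp" works.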
============================================

[global]
create mask = 0777
directory mask = 2777
force create mode = 0777
force directory mode = 2777
map to guest = Bad User
log file=/var/log/samba/log.%m
max log size=5000
log level = 3
browseable=YES
pulibc=YES
writable=YES
read only=no
follow symlinks = yes
wide links = yes
case sensitive = no
locking = yes
oplocks = no

[guests]
comment = linux
path = /temp
read only = no
veto files = /*.exe/*.com/*.dll/*.bat/*.vbs/*.tmp/*.msi/*.old/*._mp/*.log/*.gid/*.chk/*.CHK/*.EXE/*.COM/*.LOG/*.TMP/*.DLL/*.VBS/*.MSI/*.bak/*.BAK/
public = yes
only guest = yes
writable = yes
printable = no
server min protocol = SMB2_02
server max protocol = SMB3
client min protocol = CORE
server min protocol = CORE

#5

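Post by ghome9 » 2023-08-26 23:19

The /temp folder doesn't seem suitable for storing things, I think. On Ubuntu, whatever is in /temp is gone after a reboot.
Think it over and find a proper place for it. Create a folder yourself, something like /***, /var/*** or /home/***, and use that for the Samba files.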

#6

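Post by chinaz » 2023-12-28 20:54

Today I stumbled on the cause by chance. In the end it was a permissions problem after all, but not the one I expected.
Folder to be shared: /home/user/公共
The permissions on that folder are 777.
But what actually prevented sharing turned out to be the parent directory:
/home/user had permissions 700.
After changing the permissions of /home/user to 755, the problem went away.
In other words, no directory level anywhere in the full path of a Samba share may have permissions like 700; it is not only the final folder's permissions that are checked.
Archiving this for future reference.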
astolia
Forum moderator
Posts: 6703
Joined: 2008-09-18 13:11

#7

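Post by astolia » 2023-12-29 9:16

chinaz wrote: 2023-12-28 20:54
Today I stumbled on the cause by chance. In the end it was a permissions problem after all, but not the one I expected.
Folder to be shared: /home/user/公共
The permissions on that folder are 777.
But what actually prevented sharing turned out to be the parent directory:
/home/user had permissions 700.
After changing the permissions of /home/user to 755, the problem went away.
In other words, no directory level anywhere in the full path of a Samba share may have permissions like 700; it is not only the final folder's permissions that are checked.
Archiving this for future reference.

This is basic Linux file permissions, isn't it? Without read permission on a directory you cannot read its contents (that is, list which files are in it), and without execute permission you cannot enter its subdirectories. In your case even 711 would do.
After your failed access, the /var/log/samba/log. log would also have said explicitly that chdir failed because of insufficient permissions.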
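
An added example (not part of the thread and not any poster's code) of the check that posts #6 and #7 describe: walk every directory from the share path upward and report the one whose "others" permissions lack the execute bit. It assumes GNU stat and a guest account that is neither owner nor group member of those directories; the names first_blocking_dir and demo and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: GNU stat (as on Debian), and a Samba guest
# account that is neither owner nor group member of the directories, so
# only the "others" permission bits apply. POSIX ACLs are not considered.

# Print the top-most directory between START (default /) and DIR whose
# "others" bits lack execute (search) permission; return 1 if one exists.
first_blocking_dir() {
    dir=$1
    stop=${2:-/}
    blocked=
    while :; do
        mode=$(stat -c '%a' "$dir") || return 2
        # Last octal digit holds the "others" bits; bit value 1 is execute.
        if [ $(( (mode % 10) & 1 )) -eq 0 ]; then
            blocked=$dir
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    if [ -n "$blocked" ]; then
        printf '%s\n' "$blocked"
        return 1
    fi
    return 0
}

# Constructed demo: rebuild the thread's layout (home/user/公共) in a temp
# directory with the given mode on "user", then print the blocking directory
# relative to the temp root (an empty line means the chain is traversable).
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/home/user/公共"
    chmod 755 "$root" "$root/home"
    chmod 777 "$root/home/user/公共"
    chmod "$1" "$root/home/user"
    hit=$(first_blocking_dir "$root/home/user/公共" "$root") || true
    rm -rf "$root"
    printf '%s\n' "${hit#"$root"}"
}

demo 700   # prints /home/user: the 777 leaf is unreachable through a 700 parent
demo 711   # prints an empty line: execute-only on the parent is enough
demo 755   # prints an empty line
```

On the server itself, call first_blocking_dir with the share's path and no second argument to check every level up to /.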
yinmingfff
Posts: 64
Joined: 2018-12-18 0:09
System: debian 12

#8

Post by yinmingfff » 2024-11-02 18:56

Mine works too, but the permissions are a bit lax:
#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
max log size = 1000

# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.
logging = file

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = standalone server

obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<[email protected]> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user

########## Domains ###########

#
# The following settings only takes effect if 'server role = classic
# primary domain controller', 'server role = classic backup domain controller'
# or 'domain logons' is set
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
; logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
# logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
; logon drive = H:
# logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
; logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe. The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/useradd --create-home %u

# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe.
# The following assumes a "machines" group exists on the system
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.
; add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap config * : backend = tdb
; idmap config * : range = 3000-7999
; idmap config YOURDOMAINHERE : backend = tdb
; idmap config YOURDOMAINHERE : range = 100000-999999
; template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 means that usershare is disabled.
# usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes

#======================= Share Definitions =======================

[homes]
comment = Home Directories
browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700

[printers]
comment = All Printers
browseable = no
path = /var/tmp
printable = yes
guest ok = no
read only = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin

[可写]
path = /home/yinxiuqu/公共/可写
browseable = yes
read only = no
guest ok = yes
writable = yes
guest only = yes
create mask = 0777
directory mask = 0777

[只读]
path = /home/yinxiuqu/公共/只读
browseable = yes
read only = yes
writable = no
guest ok = yes
guest only = yes
create mask = 0644
directory mask = 0755