由 silver810212 在 11-17-2002 01:54 发表:
samba三种类型的共享(只读、可写、需要密码)怎么实现?
samba三种类型的共享(只读、可写、需要密码)怎么实现?
帮我看看我的设置有什么问题,为什么在网上邻居上浏览admin 和 public需要用户名和密码,但无论输什么都没用?
还有最前面的#和;用什么区别?
我的smb.conf:
This is the main Samba configuration file. You should read the
smb.conf(5) manual page in order to understand the options listed
here. Samba has a huge number of configurable options (perhaps too
many!) most of which are not shown in this example
Any line which starts with a ; (semi-colon) or a # (hash)
is a comment and is ignored. In this example we will use a
for commentry and a ; for parts of the config file that you
may wish to enable
NOTE: Whenever you modify this file you should run the command "testparm"
to check that you have not made any basic syntactic errors.
#======================= Global Settings =====================================
[global]
workgroup = NT-Domain-Name or Workgroup-Name
workgroup = 99gc
netbios name = silver
server string is the equivalent of the NT Description field
server string = lijiangtao's redhat linux 8.0 Samba Server
This option is important for security. It allows you to restrict
connections to machines which are on your local network. The
following example restricts access to two C class networks and
the "loopback" interface. For more examples of the syntax see
the smb.conf man page
hosts allow = 192.168.0. 192.168.2. 127.0.0.1
if you want to automatically load your printer list rather
than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers =no
It should not be necessary to spell out the print system type unless
yours is non-standard. Currently supported print systems include:
bsd, sysv, plp, lprng, aix, hpux, qnx
printing = linux printer
Uncomment this if you want a guest account, you must add this to /etc/passwd
otherwise the user "nobody" is used
guest account = linux
this tells Samba to use a separate log file for each machine
that connects
log file = /var/log/samba/%m.log
Put a capping on the size of the log files (in Kb).
max log size = 0
Security mode. Most people will want user level security. See
security_level.txt for details.
security = share
Use password server option only with security = server
The argument list may include:
password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
or to auto-locate the domain controller/s
password server = *
password server =
1<nt-server-name>
2
3
4
5# Password Level allows matching of _n_ characters of the password for
6
7# all combinations of upper and lower case.
8
9password level = 0
10
11username level = 0
12
13
14
15# You may wish to use password encryption. Please read
16
17# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
18
19# Do not enable this option unless you have read those documents
20
21encrypt passwords = yes
22
23smb passwd file = /etc/samba/smbpasswd
24
25
26
27# The following is needed to keep smbclient from spouting spurious errors
28
29# when Samba is built with support for SSL.
30
31; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
32
33
34
35# The following are needed to allow password changing from Windows to
36
37# update the Linux system password also.
38
39# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
40
41# NOTE2: You do NOT need these to allow workstations to change only
42
43# the encrypted SMB passwords. They allow the Unix password
44
45# to be kept in sync with the SMB password.
46
47unix password sync = yes
48
49passwd program = /usr/bin/passwd %u
50
51passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
52
53
54
55# You can use PAM's password change control flag for Samba. If
56
57# enabled, then PAM will be used for password changes when requested
58
59# by an SMB client instead of the program listed in passwd program.
60
61# It should be possible to enable this without changing your passwd
62
63# chat parameter for most setups.
64
65
66
67pam password change = yes
68
69
70
71# Unix users can map to different SMB User names
72
73username map = /etc/samba/smbusers
74
75
76
77# Using the following line enables you to customise your configuration
78
79# on a per machine basis. The %m gets replaced with the netbios name
80
81# of the machine that is connecting
82
83; include = /etc/samba/smb.conf.%m
84
85
86
87# This parameter will control whether or not Samba should obey PAM's
88
89# account and session management directives. The default behavior is
90
91# to use PAM for clear text authentication only and to ignore any
92
93# account or session management. Note that Samba always ignores PAM
94
95# for authentication in the case of encrypt passwords = yes
96
97
98
99obey pam restrictions = yes
100
101
102
103# Most people will find that this option gives better performance.
104
105# See speed.txt and the manual pages for details
106
107socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
108
109
110
111# Configure Samba to use multiple interfaces
112
113# If you have multiple network interfaces then you must list them
114
115# here. See the man page for details.
116
117; interfaces = 192.168.12.2/24 192.168.13.2/24
118
119
120
121# Configure remote browse list synchronisation here
122
123# request announcement to, or browse list sync from:
124
125# a specific host or from / to a whole subnet (see below)
126
127; remote browse sync = 192.168.3.25 192.168.5.255
128
129# Cause this host to announce itself to local subnets here
130
131; remote announce = 192.168.1.255 192.168.2.44
132
133
134
135# Browser Control Options:
136
137# set local master to no if you don't want Samba to become a master
138
139# browser on your network. Otherwise the normal election rules apply
140
141; local master = no
142
143
144
145# OS Level determines the precedence of this server in master browser
146
147# elections. The default value should be reasonable
148
149; os level = 33
150
151
152
153# Domain Master specifies Samba to be the Domain Master Browser. This
154
155# allows Samba to collate browse lists between subnets. Don't use this
156
157# if you already have a Windows NT domain controller doing this job
158
159; domain master = yes
160
161
162
163# Preferred Master causes Samba to force a local browser election on startup
164
165# and gives it a slightly higher chance of winning the election
166
167; preferred master = yes
168
169
170
171# Enable this if you want Samba to be a domain logon server for
172
173# Windows95 workstations.
174
175; domain logons = yes
176
177
178
179# if you enable domain logons then you may want a per-machine or
180
181# per user logon script
182
183# run a specific logon batch file per workstation (machine)
184
185; logon script = %m.bat
186
187# run a specific logon batch file per username
188
189; logon script = %U.bat
190
191
192
193# Where to store roving profiles (only for Win95 and WinNT)
194
195# %L substitutes for this servers netbios name, %U is username
196
197# You must uncomment the [Profiles] share below
198
199; logon path = \\\%L\Profiles\%U
200
201
202
203# Windows Internet Name Serving Support Section:
204
205# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
206
207; wins support = yes
208
209
210
211# WINS Server - Tells the NMBD components of Samba to be a WINS Client
212
213# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
214
215; wins server = w.x.y.z
216
217
218
219# WINS Proxy - Tells Samba to answer name resolution queries on
220
221# behalf of a non WINS capable client, for this to work there must be
222
223# at least one WINS Server on the network. The default is NO.
224
225; wins proxy = yes
226
227
228
229# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
230
231# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
232
233# this has been changed in version 1.9.18 to no.
234
235dns proxy = no
236
237
238
239# Case Preservation can be handy - system default is _no_
240
241# NOTE: These can be set on a per share basis
242
243preserve case = no
244
245short preserve case = no
246
247# Default case is normally upper case for all DOS files
248
249default case = lower
250
251# Be very careful with case sensitivity - it can break things!
252
253case sensitive = no
254
255
256
257#============================ Share Definitions ==============================
258
259;[homes]
260
261; comment = redhat linux 8.0
262
263; writable = no
264
265; valid users = %S
266
267; create mode = 0664
268
269; directory mode = 0775
270
271# If you want users samba doesn't recognize to be mapped to a guest user
272
273; map to guest = bad user
274
275
276
277
278
279# Un-comment the following and create the netlogon directory for Domain Logons
280
281; [netlogon]
282
283; comment = Network Logon Service
284
285; path = /usr/local/samba/lib/netlogon
286
287; guest ok = yes
288
289; writable = no
290
291; share modes = no
292
293
294
295
296
297# Un-comment the following to provide a specific roving profile share
298
299# the default is to use the user's home directory
300
301;[Profiles]
302
303; path = /usr/local/samba/profiles
304
305; browseable = no
306
307; guest ok = yes
308
309
310
311
312
313# NOTE: If you have a BSD-style print system there is no need to
314
315# specifically define each individual printer
316
317;[printers]
318
319; comment = All Printers
320
321; path = /var/spool/samba
322
323; browseable = no
324
325# Set public = yes to allow user 'guest account' to print
326
327; guest ok = no
328
329; writable = no
330
331; printable = yes
332
333
334
335# This one is useful for people to share files
336
337;[tmp]
338
339; comment = Temporary file space
340
341; path = /tmp
342
343; read only = no
344
345; public = yes
346
347
348
349# A publicly accessible directory, but read only, except for people in
350
351# the "staff" group
352
353;[public]
354
355; comment = Public Stuff
356
357; path = /home/samba
358
359; public = yes
360
361; writable = yes
362
363; printable = no
364
365; write list = @staff
366
367
368
369# Other examples.
370
371#
372
373# A private printer, usable only by fred. Spool data will be placed in fred's
374
375# home directory. Note that fred must have write access to the spool directory,
376
377# wherever it is.
378
379;[fredsprn]
380
381; comment = Fred's Printer
382
383; valid users = fred
384
385; path = /home/fred
386
387; printer = freds_printer
388
389; public = no
390
391; writable = no
392
393;</nt-server-name>