At the same time, often in one local area, it is possible to spy on computers under Linux and Windows. The reasons for such a symbiosis can be different: for example, the Internet cafe did not have money for a licensed OS for all computers, but the system administrator simply got the positive side of Linux. The popularity of operating systems from Microsoft is rich in why it can be attributed to client software for Windows. It's not a secret that the whole software sector is more than faulty. The impersonal firms reported to tsgogo serious zusil and did really good things, and the smut, sruchni in vikoristanny programs, yakі can easily master the ordinary koristuvach. Then, as a server, the position of Windows is no longer so unambiguous. The server under the control of Unix is ​​traditionally considered to be reliable, stable in robots, safe and mostly less powerful to system resources. Ale, in any case, just connecting computers with different software platforms to the extent, we do not take an estimated result. The whole problem is that these two systems vicorist have different principles of organization of merging resources, which are unimaginable among themselves.
So, at the mercy of Microsoft, you don’t have to check, and Windows is unlikely to learn how to work with the Unix file system (NFS) using standard methods, and third-party programs, I honestly don’t know, the most popular way is to try to learn Unix “pretend”, nibi b vin - Windows NT.

Interaction with the network of computers under the supervision of Windows is prompted on a different protocol SMB (Server Message Block)- Server alert blocks. Vіn ensure the vikonannya of all the necessary tasks for these activities, the task of checking and closing, reading that record, searching for files, creating and viewing catalogues, setting the task for another view and seeing it. Everything you need for this kind of work is implemented in Unix-like operating systems for an additional version of the package SAMBA. Possibility of yoga can be mentally divided into two categories: resource management (under what circumstances access to the printer system and files) for Windows clients and access to client resources. So the computer running Linux can act as both a server and a client. Let's take a look at the SAMBA server option.

How can you secure SAMBA for normal work in Windows? In the first place, access control, which can be implemented either on the equal resources (share level), if a password is assigned to a resource in a measure, that viable rule of choice (for example, “read only”), if this resource cannot be absolutely desired value; otherwise, I’ll finish that gnuchka organization on the level of the coristuvach, if a skin record is created for the skin coristuvach, then all the necessary information about the rights to access the resource will be cleared. The first step is to take access to the required resource, the skin must be authenticated, after which you are granted the right to access cloud records. In another way, it is necessary to emulate access rights, as they are assigned by the file system. On the right, in that the systems have access rights to files and directories on the disk organized differently. Unix traditionally has three categories of core files: Vlasnik (owner), groupі reshta (other). Skin s of these subjects can be given read rights (read), writeі vikonannya (execute). In Windows NT, the system is accessed by little gnuchkish, access is granted to certain groups or to corystuvachs, and the different access rights are assigned only to the skin subject. Therefore, it is impossible to fully emulate SAMBA access rights stored in NTFS.

With clients Windows 9x, Right otherwise. Since the DOS system hasn’t been used for hours, because the system is single-source and about the same core-lists and more groups and couldn’t be moved, for the FAT file system, all attributes have been assigned. only reading (read only), system (system), archive (archive) and attachments (hidden). Plus, in Windows, on Unix windows, there can be a special file extension - those that are recognized for the wiki, may have an extension of .exe, .com or .bat. When copying files from Unix machines to a Windows computer, the attributes are set as follows:

reading pads- Reading, writing for the vlasnik;

archival- Vikonannya for Vlasnik;

systemic- Vikonannya for the group;

prihovaniya - vikonannya for groupi.

A network of Windows machines can be organized as a workgroup (workgroup), if the computers are independent of each other and the skin has its own password database and logins with its own security policy, and navigate like an NT domain. The entire database for authentication of coristuvachіv and computers keruєtsya primary domain controller (PDC, Primary Domain Controller), then. centralized. Samba allows you to bridge access on all levels and disables the "head browser" functionality in the context of a workgroup or a domain controller.

Іz zagalnoorganіzatsiymi podіbralis. Let's now take a look at the implementation of that SAMBA server setup in Linux. For the Samba server to work, it is necessary that two daemons be launched: smbd, which will ensure the robot of the service of a friend and the submission of files for Samba clients (such as Windows of all suits), and nmbd to ensure that the NetBIOS naming service is running (it can be used to power other naming service daemons). For access to clients, a protocol is required TCP/IP. As a rule, Samba is installed at once from the Linux distribution. How to distort? Just give the command:

$whereis samba

and you are guilty of otrimati on kshtalt tsgo:

Samba: /usr/sbin/samba /etc/samba /usr/share/man/man7/samba.7.gz

If it doesn't appear in the standard distribution, then you are kindly requested to ftp://ftp.samba.org/pub/samba/samba-latest.tar.gz or, in practice, to any server with programs for Linux. The package is easy to install, so that it does not take time, we will take into account what wine you have installed. Now let's review what the daemon launches:

$ps-aux | grep smbd root 1122 0.0 0.6 4440 380 ? S 16:36 0:00 smbd -D

I already have, like bachite, running. If you don’t have anything, but you want to start the wine when the system is busy, then in Linux Mandrake, for example, indicate the required item DrakConf— start services or in Red Hat Control Panel— Service Configuration ring out which one is enough. Or run it manually: ./etc/rc.d/init.d/smb start. The single Samba configuration file is called smb.conf and should be located under the /etc directory (if AltLinux wants to be under the /etc/samba directory, for example). The SAMBA service reads the first 60 seconds, so the changes made to the configuration will increase the rank without reloading, but will not expand on the already installed system.

Axis for what I love Linux, for those configuration files є great text (before the well-commented in the middle), and in order to set more parameters, it’s enough to just comment on the different row. The smb.conf file is no fault. Wines are folded from the names of the divisions, which start from the name of the division laid at the square bow. In the middle of the skin division there are a number of parameters at the look of key=value. The config file is divided into , , and okremі resources (shares). Like a shrill name, spread out the most significant characteristics, like it will be zastosovuvatysya skrіz, but yak, meanwhile, can be re-named in sections for other resources. Deyakі parameters tsgogo razdіlu susuyutsya nalashtuvannya client part of Samba.

Values ​​of typical parameters in the section global:

Workgroup = name_group # name of the workgroup in the Windows merge netbios name = server name in the merge server string = comment as seen by authorities reviewing the merge nobody # name, for which guest access to the system is allowed security = user # Price for access. user - based on the koristuvach's account, security = share - authentication based on the password name. When saving the database of passwords on another SMB server, the values ​​security=server and password server=name_server_NT are set. If the server is a member of a domain, the value security = domain is chosen, the password for access is specified for the file assigned for the additional option smb passwd file = /path/to/file.

In addition, under the hour of registration can win encrypted (encrypted) and unencrypted (plain-text) passwords. Stay tuned for older Windows (Windows for Workgroups, Windows 95 (OSR2), all versions of Windows NT 3.x, Windows NT 4 (before Service Pack 3)). To increase the choice of an encrypted password, the option encrypt password = yes is used. Please pay special attention to this option. In older Linux distributions, which were created in the era of Windows 95 (and more with the old version of Samba), password encryption was enabled for locking, and samba before version 2.0 this regime is not respected (before the speech, tsya option and similar to it - those that do not get access to specific resources - they win and in the client).

For the correct display of Russian file names, the following options are required: client code page = 866 and character set = koi8-r. In distributions with different localization, for example, similar types of Mandrake and Russian ones, there is a row already, sometimes you just need to comment, but in more cases, you need to add it yourself.

Option interfaces = 192.168.0.1/24 Specifies whether such a network (interface) can run a program, such as a connection server up to a number of networks. If you set the bind interfaces only = yes parameter, the server will be allowed to request only 3 of them.

hosts allow=192.168.1. 192.168.2. 127. — designates clients who are allowed access to the service.

In the global section, you can choose different changes for a larger flexible server setup. After the establishment of the appointment, the replacement of them is presented with real significance. For example, the directive log file = /var/log/samba/%m.log, %m will help you set an okrem log file for the skin client machine. The axis of the most coexisting changes that are featured in the global section:

%a - OS architecture on the client machine (possible values ​​are Win95, Win NT, UNKNOWN, etc.);

%m - NetBIOS-name of the client's computer;

%L - NetBIOS name of the SAMBA server;

%v - SAMBA version;

%I - IP addresses of the client's computer;

%T - date that hour;

%u - name of the koristuvach, who works from the service;

%H is the home directory of the coristuvach %u.

Also, for a larger gnuchka installation, the include directive is required, which will change it more. For example: include = /etc/samba/smb.conf.%m - now, when downloading from the sales computer, the configuration will be taken from the /etc/samba/smb.conf.sales file for the presence in the /etc/samba/smb.conf.sales file. If there is nothing to clean up the file, if the machine has nothing to clean up, then the work will be done with it.

Also є cіkava mozhlivіst virtual server creation. For which hack is the netbios aliases parameter:

Netbios aliases = sales accounting admin

Now it is punishable by Sambi, so for the skin virtual server it was created its own configuration file:

Include = /etc/samba/smb.conf.%L

In the window of the Merezha browser, three servers will be visible: sales, accounting, admin.

Enabling the preserve case and short preserve case options to stun the server to save all information from the case of the characters (for Windows, case is not allowed, for all Unix it is).

Razdіl allows koristuvachs to connect to their working catalogs without an explicit description. When the client requests its directory //sambaserver/sergej, the machine searches for the current description of the file and still does not know it, looking over the presence of the distribution. As soon as I split it, I look at the password file for searching the working directory of the koristuvach, so that I can ask it, and if necessary, make it available to the koristuvach.

A typical description of this division looks like this:

Comment = Home Directories # a comment that can be seen by the authorities of the region browseable = no # Specifies that a resource is displayed in the list. writable = yes # allow (no - hinder) writes to the home directory create mode = 0750 # permissions for newly created files directory mode = 0775 # tags, albeit only for directories

After adjusting the parameters for locking, you can create less resources, access to which can be taken by either a single core or a group of cores. Such a resource is created from the already known directory, for which the file is written:

Comment = Public Stuff path = /home/samba public = yes writable = no printable = no write list = administrator, @sales

The path parameter specifies the directory where the resource is located; the public parameter specifies what can be hosted by the guest resource, and printable - what can be hosted as a resource for a friend. The write list parameter allows you to set the value of writable, which is allowed to write to the resource independently of the writable value (this application has a core administrator and group sales). It is possible to select the opposite list - read list. If it is necessary to attach some files, then in Unix/Linux for which file name it is necessary to start from dots (the hide dot files parameter, which regulates the attachment of files, for promoting yes). In addition, you can set templates for the names of attached files, for which the hide files parameter is selected. The skin pattern starts and ends with the slash character (/) and can replace the symbols that stop at regular browsers. For example: hide files = /*.log/??.tmp/. Such tricks can be avoided by Windows bugs by using Explorer's "Show attachments and system files" mode. For added sharing of accessibility (possibility of being deleted) to a file (directory), select the parameters veto files and delete veto files.

Three CD-drives on the right troch folded. On the right, in the fact that in Unix-like systems the disk is not understood as such, and in order to take access to the required add-on, it can be mounted into a directory tree (# mount -t iso9660 /dev/cdrom /mnt/cdrom) , and if you try, so as not to destroy the file system, the language is unmounted (# umount /dev/cdrom), otherwise the attachment simply won't open the disk. How do you have a daemon running on your server? autofs, then the problem simply disappears. In order to add an extra value that doesn't break the song hour, but automatically unmounts, set the required value of the timeout parameter in the /etc/auto.master file. For example:

/mnt/auto/etc/ --timeout=5

(a similar row is already there, it is more necessary to comment on it). Let's set the options for the optional add-on in the /etc/auto.tab file:

cdrom -fstype=auto,ro:/dev/cdrom

If so, it is written in /etc/smb.conf the following rows to make this resource available:

Path=/mnt/cdrom writable=no

Another option is to use different preexec and postexec directives, which indicate that the commands need to be changed when going to the resource and then after entering the new one (you can specify parameters for any resource and go to the global section, which shows great possibilities).

Path = /mnt/cdrom read only = yes root preexec = mount /mnt/cdrom # mount the resource can only be root root postexec = umount /mnt/cdrom # naturally, these mount points are due to be described in /etc/fstab, otherwise It is necessary to indicate that other data.

Now, when downloading to the resource, the CD-ROM is automatically mounted, unless it is unmounted. The whole problem is that the decision about closing the resource can be accepted by the server - clients, as a rule, do not inform about it. Also, note that the resource is being charged at once for a few times that one computer is missing the resource file for that resource (Device busy). That CD-ROM is not automatically unmounted, the only good way to get a resource is to look for an additional utility smbstatus number of the process, which resource is given, and enter it with the #kill pid_number command (or kill-s HUP pid_number).

Having installed the necessary configuration, now we create the form of the record of the coristuvachs (creating the guest entrance with the minimum rights of nobody). To identify SAMBA rooters, the file /etc/samba/smbpasswd is hacked to retrieve the names and encrypted passwords of rooters. Although the encryption mechanism in Windows-based machines is not the same as the standard Unix-mechanisms, a utility is used to fill the password file. smbpasswd.

# useradd -s /bin/false -d /home/samba/sergej -g sales sergej # smbpasswd -a sergej # smbpasswd -e sergej

Whose butt is getting a new coristuvach sergej, scho lie group sales, with a fictitious shell (the options are /sbin/nologin, /dev/null) and the home directory /home/samba/sergej. Let's create the password of the koristuvach sergej for zamovchuvannyam vіn vymkneno. Tsіkavy moment, which can be beaten for an hour with a pantel. On the right, when a Windows NT/2000 computer is connected to the SAMBA server, it prompts you to enter a login and a password, and if a Windows 9x/Me computer is required for access, you are prompted to enter only password, and the login is formed automatically with the registered registration name.

You can also pair a number of Windows cores with one Linux/Unix core. For which the setting file /etc/smbusers.map is created, in which order the skin setting is set:

koristuvach_ linux = user_win1 user_win2 user_winN

For the distribution, add the row username map = /etc/smbusers.map. If so, Windows is guilty of registering with the password of the coristuvac, with some vins.

For the help of SAMBA, it is possible to organize the possibility of a networked friend with a Windows computer under the supervision of Windows (as it is planned to have an okremium server for a friend, then it will be enough for a machine with a 486-processor upgrade).

For which section it is necessary to write down the following rows:

Printcap name = /etc/printcap # description file for printers connected to the system load printers = yes # Indicates the need for automatic inclusion in the list of shared resources printing = lprng # other system (for Linux, bsd can also be used).

Path = /var/spool/samba # Specifies the directory where the other jobs are located browseable = yes printable = yes read only = yes

After creating the file, protest yoga for additional utility testparm. Unfortunately, for the help of this program, it is possible to show only syntactical pardons, and not logical ones, so there is no reasonable guarantee that the services described in the service file will be correctly processed (when testing, all settings will be shown, look at those, as if they were installed after the lock, - that is important to reconsider. ). But if the program does not weld, you can be sure that when you start the file, it will be captured without problems. The correctness of robotic printers that have been passed from the /etc/printcap file, from the SAMBA server can be checked for additional utilities testprns. Plus, don't forget about log-files: if you find problems, you can find solutions there.

Now troch about good. Samba configuration is a straightforward procedure, and the distribution comes with a Web-based administration tool, which is called swat(Samba Web Administration Tool,). Swat is launched as a service or for the help of the Apache server and assignments for editing the smb.conf file, as well as for rechecking, starting that Samba daemons, changing the passwords of the cores. To see if the service is working, the /etc/services file has the swat 901/tcp string, and the /etc/inetd.conf file has the swat stream tcp nowait.400 root /usr/local/samba/bin/ swat swat inetd, as a rule, in older distributions; modern distributions have more hijacking options xinetd). In order to win with any swat in the /etc/xinet.d directory, create a swat file like this:

Service swat ( disable = no port = 901 socket_type = stream wait = no only_from = 127.0.0.1 # order to start only from local machine user = root server = /usr/sbin/swat log_on_failure += USERID )

Now, to launch Swat in a different browser, enter:

http://localhost:901

Ale before tsim obov'yazkovo to create a coristuvach admin let's describe it in a different way. Do not start the SAMBA service under the name root.

After all changes in the smb.conf file, it is also necessary to restart the daemon:

Smb: /etc/rc.d/init.d/smb restart

Since, after all the refurbishments, it was not possible to organize access to SAMBA resources, then in the future, such utilities will help ping(To check the availability of the university in the merezh), nmblookup(for requesting NetBIOS names), or in extreme cases tcpdump. І do not forget about access rights, even if you have given the directory /gde/to/w/glubine for the coristuvach, you will grant the ability to read (the right to see) and the previous directories.

Now let's talk about using the Samba client, even if we (Linux hardcore users) also want to work with the Windows resources. To find out if the resources are available, you need to enter the command /usr/bin/smbclient -L host_name. The program asks for a password; Now, to connect to the required resource, enter computer name and required resource. For example:

# /usr/bin/smbclient \Alex\Sound

(Here we try to connect to the Sound folder on Alex's computer). As a result, if the command is entered correctly and such a resource is available, you can take the password prompted. Enter it or press the Enter key, as the password is not required for access. You must deny the client's samba request: smb: >. The robot is given a way to a set of commands, with the help of which it is possible to perform all the necessary operations with the robot with files (copying, folding, moving etc.). To debug it, enter smb: > help. This mode is not easy to handle, so the module is more vipadkiv smbfs how to enter the samba warehouse; However, in older distributions, the kernel can be rebuilt without the smbfs trim, and you may have to re-select it. In order to mount the required resource, type in the number of the following:

Mount -t smbfs -o username=user,password=123456,iocharset=koi8-r,codepage=866 //alex/sound /mnt/sound.

If you don't give me the correct password, the system will ask you for it. Don't forget that, after looking at the ~HOME/.bash_history file, you can follow the commands, as you typed, to find out the password. One more subtlety: even though the smbclient program correctly renders files with Russian names, the smbfs module sometimes does not write code otherwise, absolutely no respect, so you must specify it explicitly. It seems that you can fix it with a patch, but I don’t know anything for Red Hat yet.

If you want the SMB resource to be mounted automatically at system startup, add something like this to the /etc/fstab file:

//[email protected]/sound /mnt/alex/sound smbfs rw, noauto 0 0.

Whose butt in the name of koristuvach guest(if the resource supports this koristuvach and if the koristuvach can access only with a password, then don’t boast: you can power it up) The sound resource on the alex computer is mounted in the /mnt/alex/sound folder and can be written to the whole directory. Before we speak, the Samba client is kind enough to attach some resources to that. tі, for some merezhev im'ya ends with the sign $.

Like a bachite, to bring pratsyuvati from the command line, like a quiet zhah from a modern-day koristuvach. And here is the world of OpenSource for you and your mind - a lot of utilities have been created that allow you to work with Samba-resources in a different way, pushing buttons in graphic shells. The most popular program that comes with Mandrake distributions and similar ones, as well as Debian - gnomba. You can find out about it on most servers with software for Linux (at ftp://ftp.altlinux.ru/ for sure). This utility allows you to look through the available resources () and, if necessary, mount to the required directory, if possible, the mounting option from the assigned login and password for these resources, how to change it. Possible launch of the file manager for an hour of mounting (for locking) gmc), creating directories for resources that are mounted, setting options for automatic scanning when the program starts (possibly with the SMB protocol for locking) and scanning for IP addresses (planned for using the WINS protocol). For unknown reasons, in some distributions, when scanning for the additional SMB protocol, no resources were displayed, so I need to use another method, since it is silent, you just need to specify the range of the IP address for scanning (you know). In order to display the Russian file names correctly, do not forget to install the koi8-r font in the contributor Options > Select font, and also reverse the rows that indicate the Cyrillic encoding in the smb.conf file (div. higher).

Like gnomba, you can just mount and unmount resources, then the program xsmbrowser allowing you to enter them as folders on the local computer (). True, I have not yet been able to download the program to understand the files with Russian names, but there are positive sides: with the robots of the program, all the commands for mounting and different media are displayed on the console, which allows you to kindly explore them. KDE retailers also tried: through Preferences > Information utility available Samba Status, which displays all connections to / from the local computer, which can be immediately reviewed by hand.log-files. Similar information is provided by the utility komba, which can be found at http://linux.tucows.com/ ().

Even though I want to tell you more, but a magazine is a magazine - you can’t fit everything. Dali to help you come all over the place man and info. Also, all the necessary advanced information can be retrieved from the SWAT utilities, before that Red Hat 7.3 had a book called Using Samba Robert "a Eckstein"(English language - bad, absolutely no cost - good: /usr/share/swat/using_samba), also available from SWAT (). At the directory /usr/share/doc/samba you can find additional documentation, FAQ and attach configuration files. In other forums, you can share super-sharp thoughts about the Samba robot, from the very negative ones to the point of confusion. I am especially on the side of the Windows NT emulator, before that, according to the test results, with the same owner, the Samba server shows productivity by about 25-30% higher than the computer under the control of the Microsoft system. Success.

(To one of the readers for food on this topic!). So, I'll tell you, as if to say, that Documents downloaded files from your personal computer.

For access to PC files, we use SMB technology.

SMB (short for Server Message Block) is an application layer protocol for remote access to files, printers and other network resources, as well as for cross-process communication.

For manual robots and the installation of iPad, iPhone, iPod Touch, you must be in the same Wi-Fi network with your computer.

Setting up SMB for Documents

Go to the setup program (icon at the top left corner). Let's keep ticking and scribble "Merezha" and press "Add oblique note".

Choose a service to save Windows SMB.

Lost to enter the parameters:

• Name - write what you want. :)
• URLs - see below for Mac OS and Windows.
• The domain is not a binding point.
• Login - the login of the koristuvach on the computer, which can access the files (div. divided below)
• Password - the password of the koristuvach on the computer (div. expanded below)

Everything, SMB is configured. Now you can remove access to computer files literally in 1 click, and you can easily read them, copy them, or change them.

Setting up SMB on Mac OS (OS X)

Open the System settings and find the “Spiral access” item.

If you click on the “Parameters” button, you can select it, in which the checkbox is needed next to the item: Allow access to files and folders for the SMB help.

Also, specify which physical record will be accessed via SMB (you will need to enter a password for that).

Now at the vіknі add “Spile folders”. You will see them for yourself at Documents. I koristuvachiv, yakі matimut access to them.

Setting up SMB on Windows

Windows is better at recognizing its own IP address. You can do it by pressing the Win + R keys. It appears in the window of the cmd program (command row). There, type in the ipconfig command (and press Enter). Your row is "IPv4 Address". The IP itself needs to be entered in Documents.

Login and password can be changed to the one that you can change to enter Windows. Gave you full access to the folder, as you want it to be accessible via SMB.

Rights mouse button on dad. Select "Power" from the menu. And then the "Access" tab and in it you need to press the "Global Access" button.

This is a simple way that allows you to add a folder for SMB. Expansion of customization for specific situations follow the search on specialized sites.

Setting up Samba on Linux (and other UNIX machines) is controlled by a single file, /etc/smb.conf . Select this file, to which system resources you want to give access to the outside world and if you want to give access to these resources.

Oskіlki nadzhіlі razdili privjacheni organіzatsії access to іn disks and printerіv Linux for Windows machines, file smb.conf, indications yоmu razdelі є butt, including the method of introduction.

Don't worry too much about the details. Steps were taken to complete the main concepts.

The split file skin starts from the split header, such as , , , etc.

The section determines how to change, like Samba wins access to all resources.

Allowed remote mothers to access their (and only their) home directories on a local Linux machine. Also, just as Windows rooters are trying to connect to whichever partition they have on their Windows machines, they will be connected to their personal home directories. Respectfully, in order to get it, the stench can be registered on a Linux machine.

A simple smb.conf file, hovering lower, allows distant mothers to access their home directories on the local machine and write to the time directory. In order for Windows to be able to provide resources, the Linux machine is responsible for local storage. If so, just plug in some disks for the help of Windows File Manager or Windows Explorer.

Respectfully, in the upcoming sections there will be given additional records for this file, to give access to more resources.

; /etc/smb.conf; ; Reconsider and restart the server after the changes have been made to this; file, for example: ; /etc/rc.d/init.d/smb stop; /etc/rc.d/init.d/smb start; Comment on this row, if you want to give access to the koristuvachevі "guest"; guest account = nobody log file = /var/log/samba-log. space path=/tmp read only=no public=yes

After writing a new smb.conf file, carefully reverse it to be correct. You can check the correctness of the smb.conf file by using the testparm utility (providing side: testparm); In order for testparm to tell you about the occurrence of problems, smbd will correctly command the file to be fixed.

Cool trick: If the Samba server can have more than one ethernet interface, then smbd can connect to the wrong one. This is also the case, so you can explicitly change the way to connect to the required one by adding a row of divisions to the /etc/smb.conf file:

Interfaces = 192.168.1.1/24

here, change the pointing address to the address of your ethernet interface. The value 24 is correct for a class C measure, but you may need to change the value so that you split it into a subdivision. This number is brought up to the mesh mask. Numbers of other classes in the netting in the IP-Masquerade mini-HOWTO.

There is also a GUI utility for setting up Samba: GtkSamba.

2. Retrieve access to Microsoft resources.

3. Develop documents on Microsoft tethered printers, and also allow you to mark your printer as a tethered printer.

When installing at the first stage, you need to install the samba, samba-common and samba-client packages:

# rpm -ih /mnt/cdrom/Mandrake/RPMS/samba*

If you choose another distribution kit (not Mandrake, as specified in the appendix), go to the required directory.

The samba package and two main files - smbd and nmbd. The first one carries the 8MB protocol, and the other one handles the NetBIOS namespace. As soon as they are fixed, your computer will look good in the future.

Once the smbd and nmbd services are installed, they are configured as autostart, so you won't be able to independently work every day when they start. Possibly, such an option is not in your power (for example, in quiet depressions, it is rare that they are carried out before them, and you want to remember). In this situation, no one cares to add them to the superserver configuration file /etc/inetd.conf and run "on demand". In case of this, do not forget to use the auto-advantage for the help of the system configurator.

If you have a distribution, you will see the configuration of the Samba package "manually" so that you do not go to the help of the configurator. You can tweak the netconf configurator (div. Fig. 9.1), but in this way you can use one “ale”: you can also change Samba or your server service in another distribution (not Red Hat or Mandrake), you can And don’t be, it’s your fault to know if you would like to recognize that roztashuvannya system files in those other server services.

Rice. 9.1. Samba configuration

So you've already checked the configurator, run netconf and go to the Server Tasks tab and select samba configuration (div. small 9.1).

With the help of the netconf configurator, you can upgrade the Samba package - from setting the main parameters (div. small. 9.2) to the selection of high resources (div. fig. 9.3).

Rice. 9.2. Global parameters

Rice. 9.3. Appointment of global resources

The main configuration file for the Samba server is the /etc/smb.conf file. In the new, all the resources are given, that they win and hope. The format of the file is guessed by the format of the INI file of Windows programs, for example, win.ini. The /etc/smb.conf file is composed of a number of sections, on the cob of the skin of which the square arms are assigned її іm'ya. Parameters in the skin section are specified as entries Name=3value. The main section, її the butt is pointed at listing 9.1.

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

interfaces = 192.168.1.1/24 192.168.2.1/24

The workgroup parameter assigns a workgroup to the NT domain. The comment parameter is the same as the NT Description parameter for Windows NT or Description for Windows 9x. The guest account parameter sets the name of the host. The entry "guest" as a koristuvach means that koristuvachs deny access without registration. Vernishe, the registration is still being considered, but the guest's oblique record is being won.

Next parameter - the security parameter can take three values:

share - in case of dermal access, it will be requested from the resource of the coristuvach.

user - for authentifikatsiy vykoristovuvatimeet іm'ya koristuvacha that password, yakі vykoryvayutsya to enter the Windows measure. Tse meaning vikoristovuєtsya for zamovchuvannyam.

server - NT server is available for password verification.

The entries printing and printcap name are passed to each subsystem. The first of them assigns the system to another BSD type, and the other one - to indicate, unstash the file to remove information about printers. We'll talk a little bit about setting up printers.

The client code page and character set parameters are necessary for the correct display of Russian file names in the Windows file system.

In Windows NT, starting with Service Pack 3, the transmission of passwords as needed is encoded. Remaining versions of Samba will give you the ability to upgrade. For which it is necessary to insert the value of the encrypt password parameter, which is more like yes. If your version of Samba does not support this capability, you can enable Windows to use encrypted passwords. For those that you happen to manually change the registry setting of all Windows workstations, I think it's easier to update Samba. But if you still need to click, which is the same parameter to the Windows registry, you need to change it, I'll show you. To share the Windows NT registry:

you need to create the key EnablePlainTextPassword to the DWORD type and insert the value you want 1. In Windows 9x you need to create the same key, but in a separate

For Windows 2000, you need to make changes to the registry

The log file and max log size parameters set the log file (log) and its maximum size. Socket options are set after the additional socket option.

If your computer has a few interfacing interfaces installed, you can customize the Samba package so that you have the correct interface. As shown in Listing 9.1.

Now let's move on to the offensive section, how to determine the parameters of the resources, which are fully victorious. This section is called . The butt in place of the section is pointed at listing 9.2.

The browseable=yes parameter (div. listing 9.2) allows you to view the shared resources in the Microsoft pool. The writable =yes parameter allows writing to the directory (you can change this parameter by using the read only=no parameter).

Now let's create a hot catalog (div. listing 9.3). Robe at the section.

Your knowledge is already enough, so that you yourself can be more far away from the mood. As a completion of this division, I will point out a few practical applications (div. listing 9.4). Please note that comments in the smb.conf file can be indicated either by numbers (#) or by dashes (;).

; NETLOGON directory for domain logon

comment = Samba Netlogon Service

; Do not set yes

; Profile for double winning resources

path = /usr/local/samba/proflies

; Catalog, which is a victorious admin

; Koristuvach admin is guilty of running on the Samba server

With the truth in mind, Windows OS was developed for homeowners. A leather home gift, to look over the resources of the Microsoft network, the pictogram of Merezhev sharpened on the Windows desktop. And now let's find out what homeworker works in Linux OS and want to look at the resources of the network. Shvidshe for everything, she blames the same problems. Let's try them out at once.

For a review of Microsoft resources, the smbclient program is used. It is possible that you want to connect to the shared directory share of the computer nt_ws1. With whom it is acceptable that your name is coristuvacha user ta password 123456. In my case, the smbclient command looks like this:

$ smbclient //nt_ws1/share –U user%123456

If the password is not needed, it is indicated only by the name of the koristuvach without the sign of the password.

If you connect to a global resource, more precisely, to a directory, you can match the same commands as when working with an ftp client (div. Table 9.1).

smbclient commands Table 9.1

Tricking the smbclient program is not too easy. It's better to tweak the smbmount program, so that you can mount a remote resource like a sizable file system. Under the circumstances of victoriousness, the resource becomes richly accepted and profitable. Below the butt of the command is pointed, as a montage of the main resource customers of the nt computer, user. Mount point - /mnt/customers directory, customer ID (UID) is 500, and group (GID) is 100:

smbmount //nt//customers –U user –c "mount /mnt/customers –u 500 –g 100"

For these goals, you can speed up with the command:

smbmount //nt/customers/ /mnt/customers –U user

Note. You may not have the right to root the smbmount command. To make the program stand out for the first time, you should set the Setuid root attribute for it, but this solution is not safe. The way out of this situation is to start the smbmount program when the system is captured. Add smbmount to the auto-mount script to mount filesystems of a double-walled version, whichever you use the most. If any of the above resources are able to work with remote resources as if they were a great local file system.

Rice. 9.4. Global resources

You can look over the global resources of the computer for the additional option -L (div. small. 9.4).

The Browse list (div. small 9.4) shows other smb servers in the range of available resources. The -I option allows smbclient to handle DNS names. For example, if the domain is called domain.ru, then you can look at the global resources of the nt_ws1 computer with the command:

$ smbclient -L -I nt ws1.domain.ru

For the safety of supporting others, we robbed everything we could. The load printers section parameter captures the printers in /etc/printcap (listing div. 9.1). Vykoristovuetsya system druk BSD. Now no longer assigned section to smb.conf file (div. list 9.5). This section has global parameters for all printers, so it is not necessary to specify them for a skin printer.

Some parameters, which are selected in this section (browseable, writable, comment), may have the same values ​​as in the section. The path parameter specifies the spool directory to which files are copied before printing (the so-called spool printer). The public parameter with the value yes allows you to add another guest post, which everyone wants. In order to block another z-pіd of the guest's public record, enter public=no. In this case, access to the printer may be less registered on the server of the coristuvach. The replacement of the public parameter is changed to a synonym - the guest parameter is ok. The writable setting parameter is set to ensure that only other files can be written to the printer's buffer directory (spool).

Possibly, it will be necessary for you to allow more than one other, or a dekilk of singing coristuvachas on a singing printer. You can do this as shown in Listing 9.6.

valid user = root admin administrator

Connecting a merging printer to a Windows computer connected to a Linux server or a Linux station is similar to connecting a standard merging printer connected to a Windows workstation. For the Windows 98 operating system, for which one, please use the following:

1. Tap Start→Settings→Printers.

2. Activate the printer setup wizard.

3. Select printer type: medium.

4. Specify the path to the printer or press the button "Look" to automatically select the resource (div. small. 9.5).

Rice. 9.5. Connecting a tethered printer

First of all, you need to create the correct entries in /etc/printcap. For the format of this file, see Listing 9.7.

# just a comment

:cm=HP 5MP Postscript hp5m on nt_wsl:\

I'll add what I see for evidence

printer spool directory (local machine)

# printer image file

maximum file size.

# If the value "zero" is specified, then the exchange is taken into account

Listing 9.7 has (in the comments) a description of the fields in the printcap file, but, I think, it’s not good to bring up their redirection:

cm - set a comment;

lp - I'll add what I see for seeing;

sd – printer spool directory on the local machine;

af – file for the appearance of the printer's desktop;

mx - maximum file size. If the value is zero, then the exchange is taken into account;

if - the name of the input filter.

Turning to nashtuvannya access, redirect, scho directory for the printer's spool and has permission to write. It is also necessary to indicate the necessary attachment for the conclusion. Listing 9.7 cim add /dev/lp0. The Samba package includes the smbprint script. For the help of this scenario, you can print documents on the printer for the help of the SMB service. It is possible that you do not enter the warehouse of your package of wines, so I have confirmed it in listing 9.8. This is a listing of some of the references from the helper for the Samba package.

# This script is a system filter

# Win the smbclient program for another file on the merged

# the printer connected to the Windows workstation.

# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint

# Write to create a unix printer named "smb" which will

drukuvati for help of this script. You need to create a directory

# spool /usr/spool/smb with full rights and vlasnik

# Set the server name and the printer you want to use.

# This script was modified by Michael Hamilton

so the server, service and password can be read from the file

# /usr/var/spool/lpd/PRINTNAME/.config

# In order to do this, the /etc/printcap entry is responsible

# include the wiki image file (af=...):

# :cm=CD IBM Colorjet on 6th: \

# :sd=/var/spool/lpd/cdcolour:\

# :af=/var/spool/Ipd/cdcolour/acct: \

# :if=/usr/local/etc/smbprint:\

# File /usr/var/spool/lpd/PRINTNAME/.config is guilty of revenge

# File for customization information can be changed to /dev/null

config_file=$spool_dir/. config

echo "server $server, service $service" >> $logfile

) | /usr/bin/smbclient "\\\$server\\$service" $password –U $user –N –P >> $logfile

Now you can abuse the printer. Prote, I still recommend reading the Samba package manual for more detailed information about others on merging printers.

Listing 9.9 has an example for /etc/smb.conf. Better for everything, wine and you will also be correct.

log file = /var/log/samba/log.%m

# I commented on the next rows, because the stench is characteristic

# only for my configuration

# socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# interfaces = 192.168.1.1/24 192.168.2.1/24

SWAT (Samba Web-based Administrative Tool) configurator for customizing the Samba package via the Web interface. Like other configurators, for example, netconf or linuxconf, SWAT provides a handy graphical interface for administrating the Samba server. The main advantage of the configurator is those that you do not need to be at the computer, which you are an administrator. You can administrate the Samba server from any computer in your company. Just like when working with other configurators, when working with SWAT, you do not need to know the format of the configuration files, nor their name, nor the details.

To install SWAT, you need to install the samba-swat package. Look for this package on another CD of your Linux installation kit. Install the package with the command:

rpm –ihv samba-swat-2.2.la-4.1386.rpm

After the package is installed, just follow it so that the /etc/services file has an entry:

SWAT configurator for your work using TCP protocol and port 901. You can specify any other port. If you change the port number, do not forget to change the port number in /etc/inetd.conf or /etc/xinetd.conf.

If you want to win over the inetd superserver, add the next line to the /etc/inetd.conf file (there is nothing like that):

swatstream tcp nowait.400 root/usr/sbin/swat swat

If the xinetd superserver is replaced, the swat file of the attacking christ will be added to the /etc/xinetd.conf directory (Listing 9.11):

# description: SWAT є Samba Web Admin Tool. use swat \

# configure your Samba server. To use SWAT, \

# connect to port 901 with your favorite web browser,

If you want to configure the Samba server from whatever computer you have, comment out the entry only_from = 127.0.0.1 or set any other parameters for access to SWAT.

Now it is necessary to restart the superserver. For whom to enter the command:

You can also speed up with the command:

If inetd is disabled, you can restart the superserver with the command:

Mustache! The SWAT setup is complete and you can now deploy the Samba configuration for the SWAT help. To launch your favorite browser and enter the URL:

After the login is set, you will be asked to ask for the password (Div. Mal. 9.6).

Enter my password. Let's keep up with the firebrand of the configurator (Div. Mal. 9.7).

Rice. 9.7. Samba Web Administration Tool

3 fig. 9.7 it can be seen that the SWAT configurator has all the most necessary information “under the hand” of the administrator: from the documentation to the passwords of the koristuvachiv.

In the Globals division, the values ​​of the global variables are assigned (Fig. 9.8). You can get a hint for this or another parameter by going to Help. You can set the value behind the lock by clicking the Set Default button.

Rice. 9.8. Samba Global Changes

The Shares distribution has multiple resources, and the Printers distribution has multiple printers. The Samba server stan can be viewed in the Status section (div. small 9.9). Here you can start, download and restart the SMB and NMB services. With whom you can split, you can complete the connection with the Samba server, as well as look over the station.

Rice. 9.9. Distributed Status

At the Passwords distribution, there are assigned passwords that allow access to the Samba server.

Samba works on most Unix-like systems such as GNU/Linux, POSIX-smart Solaris and Mac OS X Server, on various BSD variants, on OS/2, Windows. Samba included in almost all GNU/Linux distributions, including, most notably, Ubuntu.

Installed

To spawn a folder in Ubuntu Desktop, just right-click on the folder and select the "Publish Folder" menu item. There is no need to edit the same config files. Everything described below is more than a manual setup, for example, at the time of the file server's creation.

To install, it is enough to open the terminal and enter:

sudo apt-get install samba

The program will be automatically downloaded and installed.

Nalashtuvannya

For the help of the terminal, we will backup a copy of the configuration mail file:

sudo cp /etc/samba/smb.conf(,.bak)

Now you can edit the /etc/samba/smb.conf file, for which you can open it in any text editor with supercorrect rights. For example, like this:

sudo nano /etc/samba/smb.conf

Written far away seems to be just one specific scenario of the Samba version, and in a great number of cases everything turns out to be absolutely wrong. The article needs to be corrected, blaming on the capabilities of Samba, and not only on stosuvanni programs like file storage with local authorization. It’s better to blame the butt with a file storage in an excellent report article.

An example of setting up Samba as an autonomous file server with authorization:

; Global server setup; General server settings Im'ya computer, as it should be in the middle of the netbios name = main-server server string = ; workgroup workgroup = WORKGROUP announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user File for hostname alias username map = /etc/samba/smbusers wins name resolve b order = ; wins support is set to yes if your nmbd(8) Samba is a WINS server. Don't set this option to yes if you don't have many options and you don't want your nmbd to work as a WINS server. Never set this parameter for more lower on the same machine in the boundaries of the same subdivision. wins support = no; Printer caption printing = CUPS printcap name = CUPS; Logs log file = /var/log/samba/log.%m syslog = 0 syslog only = no; Adjustment of binding to interfaces, on some hearing, as it is not allowed to hear on all interfaces; interfaces = lo, eth0; bind interfaces only=true; ; ; path = /var/lib/samba/printers; browseable = yes; guest ok = yes; read only = yes; write list = root; create mask = 0664; directory mask = 0775; ; ; path=/tmp; printable = yes; guest ok = yes; browseable = no; ; ;path = /media/cdrom ;browseable = yes ;read only = yes ;guest ok = yes ; Cool disc; Im'ya kuli, seen from clients; Path to the disk path = /media/sda1 ; You can look at it browseable=yes read only=no guest ok=no create mask=0644 directory mask=0755; Binding to the singing name of the koristuvacha or groups, names through probіl; force user=user1 user2; force group = group1 group2; Another hard drive, by analogy with this, is path = /media/sde1 browseable = yes read only = no guest ok = no create mask = 0644

Now next of rozіbratisya z koristuvachami.

Samba has already been entered into the system, it is possible to use the name user, for example, if it is already in the system, you need to add it to the SMB data base and recognize the password for accessing the global resources, by using the command:

Smbpasswd -a user

You will be prompted to enter a password, the password will be added to the base, now it is necessary to turn on that password.

Smbpasswd -e user

Let's create an alias for the name of the koristuvach user to make it easier for you to access the Windows machine on the one we have, for example, the koristuvach for the Admin name, for which we'll create and edit the /etc/samba/smbusers file:

sudo touch /etc/samba/smbusers sudo gedit /etc/samba/smbusers

Add a couple of rows to the file

# Unix_name = SMB_name1 SMB_name2 user = Admin

On which patching is complete, restart Samba.

You can install the simplest GUI for Samba with the command:

sudo apt-get install system-config-samba

Run with the command:

sudo system-config-samba

If you change the vin, write to the samba configuration file.

For remote administration of Samba as a web-interface for Samba