
 
   
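Installing samba
  If you selected "Windows File Server" during the Fedora 8 installation, samba is already installed.

If you did not select "File Server" during the Fedora 8 installation, install it as described below.

Enter the following. Blue text is what you type.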

   
 
 
[root@linux]# yum install samba    ← type yum install samba
 fedora                   100% |=========================| 2.1 kB    00:00
 updates                  100% |=========================| 2.3 kB    00:00
 Setting up Install Process
 Parsing package install arguments
 Resolving Dependencies
 --> Running transaction check
 ---> Package samba.i386 0:3.0.28a-0.fc8 set to be updated
 --> Processing Dependency: samba-common = 3.0.28a-0.fc8 for package: samba
 --> Running transaction check
 ---> Package samba-common.i386 0:3.0.28a-0.fc8 set to be updated
 --> Finished Dependency Resolution

 Dependencies Resolved

 =============================================================================
  Package              Arch         Version             Repository      Size
 =============================================================================
 Installing:
  samba                i386         3.0.28a-0.fc8       updates         2.8 M
 Installing for dependencies:
  samba-common         i386         3.0.28a-0.fc8       updates         7.2 M

 Transaction Summary
 =============================================================================
 Install      2 Package(s)
 Update       0 Package(s)
 Remove       0 Package(s)

 Total download size: 10 M
 Is this ok [y/N]:
y   ← type y
 Downloading Packages:
 (1/2): samba-common-3.0.2 100% |=========================| 7.2 MB    00:02
 (2/2): samba-3.0.28a-0.fc 100% |=========================| 2.8 MB    00:00
 Running rpm_check_debug
 Running Transaction Test
 Finished Transaction Test
 Transaction Test Succeeded
 Running Transaction
   Installing: samba-common                 ######################### [1/2]
   Installing: samba                        ######################### [2/2]

 Installed: samba.i386 0:3.0.28a-0.fc8
 Dependency Installed: samba-common.i386 0:3.0.28a-0.fc8
 Complete!
    ← the installation is finished when Complete! is displayed
 
   
   
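Configuring samba
Open the samba configuration file. Change (rewrite or delete) the green parts to the yellow parts as shown below. Red text is explanation. Blue text is what you type.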
   
 
 
[root@linux]# vi /etc/samba/smb.conf
 # This is the main Samba configuration file. You should read the
 # smb.conf(5) manual page in order to understand the options listed
 # here. Samba has a huge number of configurable options (perhaps too
 # many!) most of which are not shown in this example
 #

 
# For a step to step guide on installing, configuring and using samba,
 # read the Samba-HOWTO-Collection. This may be obtained from:
 #  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
 #

 
# Many working examples of smb.conf files can be found in the
 # Samba-Guide which is generated daily and can be downloaded from:
 #  http://www.samba.org/samba/docs/Samba-Guide.pdf
 #

 
# Any line which starts with a ; (semi-colon) or a # (hash)
 # is a comment and is ignored. In this example we will use a #
 # for commentry and a ; for parts of the config file that you
 # may wish to enable
 #

 
# NOTE: Whenever you modify this file you should run the command "testparm"
 # to check that you have not made any basic syntactic errors.

 #

 #---------------
 # SELINUX NOTES:
 #
 # If you want to use the useradd/groupadd family of binaries please run:
 # setsebool -P samba_domain_controller on
 #
 # If you want to share home directories via samba please run:
 # setsebool -P samba_enable_home_dirs on
 #
 # If you create a new directory you want to share you should mark it as
 # "samba-share_t" so that selinux will let you write into it.
 # Make sure not to do that on system directories as they may already have
 # been marked with othe SELinux labels.
 #
 # Use ls -ldZ /path to see which context a directory has
 #
 # Set labels only on directories you created!
 # To set a label use the following: chcon -t samba_share_t /path
 #
 # If you need to share a system created directory you can use one of the
 # following (read-only/read-write):
 # setsebool -P samba_export_all_ro on
 # or
 # setsebool -P samba_export_all_rw on
 #
 # If you want to run scripts (preexec/root prexec/print command/...) please
 # put them into the /var/lib/samba/scripts directory so that smbd will be
 # allowed to run them.
 # Make sure you COPY them and not MOVE them so that the right SELinux context
 # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
 #
 #--------------
 #
 #======================= Global Settings =====================================

[global]

 # ----------------------- Netwrok Related Options -------------------------
 #
 # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
 #
 # server string is the equivalent of the NT Description field
 #
 # netbios name can be used to specify a server name not tied to the hostname
 #
 # Interfaces lets you configure Samba to use multiple interfaces
 # If you have multiple network interfaces then you can list the ones
 # you want to listen on (never omit localhost)
 #
 # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
 # specifiy it as a per share option as well
 #
         workgroup = WORKGROUP
                ↓
         workgroup = *********    ← set your workgroup name
         server string = Samba Server Version %v

 ;       netbios name = MYSERVER
                ↓
         netbios name = MYSERVER    ← set this if a NetBIOS name is specified (normally left unchanged)

 ;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
 ;       hosts allow = 127. 192.168.12. 192.168.13.
                ↓
         hosts allow = 192.168.0. 127.    ← set this to allow access only from within the same LAN

 # --------------------------- Logging Options -----------------------------
 #
 # Log File let you specify where to put logs and how to split them up.
 #
 # Max Log Size let you specify the max size log files should reach

         # logs split per machine
         log file = /var/log/samba/log.%m
         # max 50KB per log file, then rotate
         max log size = 50

 # ----------------------- Standalone Server Options ------------------------
 #
 # Scurity can be set to user, share(deprecated) or server(deprecated)
 #
 # Backend to store user information in. New installations should
 # use either tdbsam or ldapsam. smbpasswd is available for backwards
 # compatibility. tdbsam requires no further configuration.

         security = user
         passdb backend = tdbsam


 # ----------------------- Domain Members Options ------------------------
 #
 # Security must be set to domain or ads
 #
 # Use the realm option only with security = ads
 # Specifies the Active Directory realm the host is part of
 #
 # Backend to store user information in. New installations should
 # use either tdbsam or ldapsam. smbpasswd is available for backwards
 # compatibility. tdbsam requires no further configuration.
 #
 # Use password server option only with security = server or if you can't
 # use the DNS to locate Domain Controllers
 # The argument list may include:
 #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
 # or to auto-locate the domain controller/s
 #   password server = *


 ;       security = domain
 ;       passdb backend = tdbsam
 ;       realm = MY_REALM

 ;       password server = <NT-Server-Name>

 # ----------------------- Domain Controller Options ------------------------
 #
 # Security must be set to user for domain controllers
 #
 # Backend to store user information in. New installations should
 # use either tdbsam or ldapsam. smbpasswd is available for backwards
 # compatibility. tdbsam requires no further configuration.
 #
 # Domain Master specifies Samba to be the Domain Master Browser. This
 # allows Samba to collate browse lists between subnets. Don't use this
 # if you already have a Windows NT domain controller doing this job
 #
 # Domain Logons let Samba be a domain logon server for Windows workstations.
 #
 # Logon Scrpit let yuou specify a script to be run at login time on the client
 # You need to provide it in a share called NETLOGON
 #
 # Logon Path let you specify where user profiles are stored (UNC path)
 #
 # Various scripts can be used on a domain controller or stand-alone
 # machine to add or delete corresponding unix accounts
 #
 ;       security = user
 ;       passdb backend = tdbsam

 ;       domain master = yes
 ;       domain logons = yes

         # the login script name depends on the machine name
 ;       logon script = %m.bat
         # the login script name depends on the unix user used
 ;       logon script = %u.bat
 ;       logon path = \\%L\Profiles\%u
         # disables profiles support by specifing an empty path
 ;       logon path =

 ;       add user script = /usr/sbin/useradd "%u" -n -g users
 ;       add group script = /usr/sbin/groupadd "%g"
 ;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
 ;       delete user script = /usr/sbin/userdel "%u"
 ;       delete user from group script = /usr/sbin/userdel "%u" "%g"
 ;       delete group script = /usr/sbin/groupdel "%g"


 # ----------------------- Browser Control Options ----------------------------
 #
 # set local master to no if you don't want Samba to become a master
 # browser on your network. Otherwise the normal election rules apply
 #
 # OS Level determines the precedence of this server in master browser
 # elections. The default value should be reasonable
 #
 # Preferred Master causes Samba to force a local browser election on startup
 # and gives it a slightly higher chance of winning the election
 ;       local master = no
 ;       os level = 33
 ;       preferred master = yes

 #----------------------------- Name Resolution -------------------------------
 # Windows Internet Name Serving Support Section:
 # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
 #
 # - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
 #
 # - WINS Server: Tells the NMBD components of Samba to be a WINS Client
 #
 # - WINS Proxy: Tells Samba to answer name resolution queries on
 # behalf of a non WINS capable client, for this to work there must be
 # at least one WINS Server on the network. The default is NO.
 #
 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
 # via DNS nslookups.

 ;       wins support = yes
 ;       wins server = w.x.y.z
 ;       wins proxy = yes

 ;       dns proxy = yes

 # --------------------------- Printing Options -----------------------------
 #
 # Load Printers let you load automatically the list of printers rather
 # than setting them up individually
 #
 # Cups Options let you pass the cups libs custom options, setting it to raw
 # for example will let you use drivers on your Windows clients
 #
 # Printcap Name let you specify an alternative printcap file
 #
 # You can choose a non default printing system using the Printing option

         load printers = yes
         cups options = raw

 ;       printcap name = /etc/printcap
         #obtain list of printers automatically on SystemV
 ;       printcap name = lpstat
 ;       printing = cups

 # --------------------------- Filesystem Options ---------------------------
 #
 # The following options can be uncommented if the filesystem supports
 # Extended Attributes and they are enabled (usually by the mount option
 # user_xattr). Thess options will let the admin store the DOS attributes
 # in an EA and make samba not mess with the permission bits.
 #
 # Note: these options can also be set just per share, setting them in global
 # makes them the default for all shares

 ;       map archive = no
 ;       map hidden = no
 ;       map read only = no
 ;       map system = no
 ;       store dos attributes = yes


 #============================ Share Definitions ==============================

 [homes]
         comment = Home Directories
         browseable = no
         writable = yes
 ;       valid users = %S
 ;       valid users = MYDOMAIN\%S

 [printers]
         comment = All Printers
         path = /var/spool/samba
         browseable = no
         guest ok = no
         writable = no
         printable = yes

 # Un-comment the following and create the netlogon directory for Domain Logons
 ;       [netlogon]
 ;       comment = Network Logon Service
 ;       path = /var/lib/samba/netlogon
 ;       guest ok = yes
 ;       writable = no
 ;       share modes = no


 # Un-comment the following to provide a specific roving profile share
 # the default is to use the user's home directory
 ;       [Profiles]
 ;       path = /var/lib/samba/profiles
 ;       browseable = no
 ;       guest ok = yes


 # A publicly accessible directory, but read only, except for people in
 # the "staff" group
 
 ;       [public]
           ↓
         [public]    ← uncomment to enable this setting
 ;       comment = Public Stuff
           ↓
         comment = Public Stuff    ← uncomment to enable this setting
 ;       path = /home/samba
           ↓
         path = /home/samba    ← uncomment to enable this setting
 ;       public = yes
           ↓
         public = yes    ← uncomment to enable this setting
 ;       writable = yes
           ↓
         writable = yes    ← uncomment to enable this setting
 ;       printable = no
 ;       write list = +staff
 
   
   
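Creating the shared directory
Create a shared directory that all users have full access to. Blue text is what you type.
   
 
 
[root@linux]# mkdir /home/samba      ← type this; it must match the path of [public] above
 
Change the access permissions of the directory you created. Blue text is what you type.
 
 
[root@linux]# chmod 777 /home/samba      ← type this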
 
   
   
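Creating a user's private directory
  Here we register the user "user01" and create a private directory for that user.

First, register the user "user01".

Enter the following. Blue text is what you type.

   
 
 
[root@linux]# useradd user01    ← type this (adds a user named user01)
 [root@linux]# passwd user01    ← type this (sets the password for user01)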
 Changing password for user papa.
 New UNIX password:
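******    ← enter the password (the * characters are not actually displayed)
 Retype new UNIX password:
 ******    ← enter the password again (the * characters are not actually displayed)
 passwd: all authentication tokens updated successfully.
 
Next, add user01 as a samba user. Blue text is what you type.
   
 
 
[root@linux]# pdbedit -a user01    ← type this (adds user01 as a samba user)
 new password:
******    ← enter the password (the * characters are not actually displayed)
 retype new password:
 ******    ← enter the password again (the * characters are not actually displayed)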
 Unix username       : user01
 NT username         :
 Account Flags       : [U ]
 User SID            : S-1-5-21-8262828-1917633451-907109793-1000
 Primary Group SID   : S-1-5-21-8262828-1917633451-907109793-513
 Full Name           :
 Home Directory      : \\fedora8-server\user01
 HomeDir Drive       :
 Logon Script        :
 Profile Path        : \\fedora8-server\user01\profile
 Domain              : FEDORA8-SERVER
 Account desc        :
 Workstations        :
 Munged dial         :
 Logon time          : 0
 Logoff time         : never
 Kickoff time        : never
 Password last set   : 日, 07 4月 2007 23:23:11 JST
 Password can change : 日, 07 4月 2007 23:23:11 JST
 Password must change: never
 Last bad password   : 0
 Bad password count  : 0
 Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 
   
   
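Setting access permissions for the user's private directory
   
  Open the samba configuration file. Append the yellow part shown below to the end of the configuration file. Red text is explanation. Blue text is what you type.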
   
 
 
[root@linux]# vi /etc/samba/smb.conf
 # This is the main Samba configuration file. You should read the
 # smb.conf(5) manual page in order to understand the options listed
 # here. Samba has a huge number of configurable options (perhaps too
 # many!) most of which are not shown in this example
 #

 
# For a step to step guide on installing, configuring and using samba,
 # read the Samba-HOWTO-Collection. This may be obtained from:
 # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
 #
 
# Many working examples of smb.conf files can be found in the
 # Samba-Guide which is generated daily and can be downloaded from:
 # http://www.samba.org/samba/docs/Samba-Guide.pdf
 #
 
# Any line which starts with a ; (semi-colon) or a # (hash)
 # is a comment and is ignored. In this example we will use a #
 # for commentry and a ; for parts of the config file that you
 # may wish to enable
 #
 
# NOTE: Whenever you modify this file you should run the command "testparm"
 # to check that you have not made any basic syntactic errors.

           ↓
           ↓  (middle part omitted)
           ↓

 [user01]
 comment = user01 Only Space
 path = /home/user01      ← user01's home directory
 writable = yes      ← allows writing; set this and other options freely, referring to the details below
 
   
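  The details of the settings are as follows.

Rewrite them as you see fit.

path = /home/*****  (***** is the user name)
 Path of the directory to share

public = yes
 Allow access without a password. Cannot be set when access control is set to anything other than "share"

guest ok = yes
 Allow guest connections

guest only = yes
 Allow guest connections only

guest account = *****  (***** is the user name)
 User name to use when connecting as a guest

read only = yes
 Do not allow writing to the shared folder

writable = yes
 Allow writing to the shared folder

create mask = 0777  (write the permissions you want in the 777 part of 0777)
 Permissions, given as 4 digits, for files created in the shared folder

directory mask = 0777  (write the permissions you want in the 777 part of 0777)
 Permissions, given as 4 digits, for directories created in the shared folder

force user = *****  (***** is the user name)
 Ignore the user name used to connect and operate as the specified user. Files that are created are owned by the specified user

browseable = yes
 Show the share in the list of shared folders when the server is accessed from a PC. Specifying no makes it a hidden shared folder

valid users = *****  (***** is the user name)
 Only the specified users can use the share

invalid users = *****  (***** is the user name)
 The specified users cannot use the share

write list = *****  (***** is the user name)
 Only the specified users are allowed to write

hosts allow = *****  (***** is the host name)
 Only the specified hosts (IP addresses are also accepted) are allowed to use the share

hosts deny= *****  (***** is the host name)
 Use from the specified hosts (IP addresses are also accepted) is denied

Where the details above show yes, setting no gives the opposite meaning.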
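
The options above decide who can reach a share and whether they can write to it. The following shell function is an added example, not part of the original page: it scans an smb.conf for shares that combine guest access with write access (as [public] does) and for writable shares with no valid users line (as [user01] does). The sample file and the names audit_smb_conf and sample_smb_conf are constructed for this illustration.

```shell
# Added example (not from the original page): audit share definitions in smb.conf.

# Constructed sample modelled on the [public] and [user01] shares in this guide.
sample_smb_conf() {
cat <<'EOF'
[global]
        workgroup = WORKGROUP
[public]
        comment = Public Stuff
        path = /home/samba
        public = yes
        writable = yes
;       write list = +staff
[user01]
        path = /home/user01
        writable = yes
[user01-locked]
        path = /home/user01
        writable = yes
        valid users = user01
EOF
}

# Print one line per share that guests can write to, or that is writable with
# no "valid users" restriction. Synonyms are folded; the last value seen wins.
audit_smb_conf() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share == "" || share == "global") return
        if (guest && writable) print share ": guest-writable"
        else if (writable && !restricted) print share ": writable-no-valid-users"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comment or blank line
    /^[ \t]*\[.*\]/ {                         # section header starts a new share
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        share = tolower(share); guest = 0; writable = 0; restricted = 0
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "public" || key == "guest ok") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") writable = truthy(val)
        else if (key == "read only") writable = !truthy(val)
        else if (key == "valid users" && val != "") restricted = 1
    }
    END { report() }
    ' "$1"
}

tmp=$(mktemp)
sample_smb_conf > "$tmp"
audit_smb_conf "$tmp"
rm -f "$tmp"
```

To check the real file, run audit_smb_conf /etc/samba/smb.conf after testparm has confirmed the syntax.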

   
   
Opening the ports
Open ports 137, 138 and 139 for samba.

Open the iptables configuration file and append the following at the last line:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
to open port numbers 137, 138, 139 and 445.
Blue text is what you type.

   
 
 [root@linux]# vi /etc/sysconfig/iptables      ← type this
 # Firewall configuration written by system-config-securitylevel
 # Manual customization of this file is recommended.
 *filter
 :INPUT ACCEPT [0:0]
        ↓↓
    ↓↓ (middle part omitted)
    ↓↓

 -A INPUT -j RH-Firewall-1-INPUT
        ↓↓
    ↓↓ (middle part omitted)
    ↓↓

 -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT      ← append at the last line
 -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT      ← append at the last line
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT      ← append at the last line
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT      ← append at the last line
 
   
  Restart iptables so that the settings take effect.
   
 
 [root@papa-net ~]# /etc/rc.d/init.d/iptables restart     ← type this
 iptables: Flushing firewall rules:                      [  OK  ]
 iptables: Setting chains to policy ACCEPT: filter       [  OK  ]
 iptables: Unloading modules:                            [  OK  ]
 iptables: Applying firewall rules:                      [  OK  ]
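
iptables evaluates a chain from top to bottom and stops at the first rule that matches, so the position of an appended ACCEPT line decides whether it ever takes effect. The following shell function is an added example, not part of the original page: for each Samba port rule it reports whether the rule is reachable and whether it is limited to a source network such as the 192.168.0. LAN used in hosts allow. The names audit_samba_rules and sample_rules and the sample ruleset are constructed; the REJECT line in it is an assumption about the part of the file the guide omits.

```shell
# Added example (not from the original page): audit Samba rules in an iptables file.

# Constructed ruleset in /etc/sysconfig/iptables format. The REJECT line is an
# assumption about the part of the file that the guide omits.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
COMMIT
EOF
}

# For every ACCEPT rule on ports 137, 138, 139 or 445, print "port/proto: status":
#   unreachable     the rule follows an unconditional REJECT/DROP in its chain
#   any-source      the rule is reachable and has no -s restriction
#   source-limited  the rule is reachable and restricted with -s
audit_samba_rules() {
    awk '
    $1 != "-A" { next }                       # only rule lines
    {
        chain = $2; dport = ""; proto = ""; src = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-s" || $i == "--source") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # A REJECT/DROP with no match options ends the chain for all traffic.
        if ((target == "REJECT" || target == "DROP") && $3 == "-j") { closed[chain] = 1; next }
        if (target != "ACCEPT" || dport !~ /^(137|138|139|445)$/) next
        if (closed[chain])   status = "unreachable"
        else if (src == "")  status = "any-source"
        else                 status = "source-limited"
        print dport "/" proto ": " status
    }' "$1"
}

tmp=$(mktemp)
sample_rules > "$tmp"
audit_samba_rules "$tmp"
rm -f "$tmp"
```

Run audit_samba_rules /etc/sysconfig/iptables on the server to check the rules actually in place.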
 
   
   
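Starting samba
Enter the following. Blue text is what you type.
   
 
 
[root@linux]# /etc/rc.d/init.d/smb start     ← type this
 Syntax OK
 SMB サービスを起動中:                [  OK  ]
 
Next, set samba to start automatically when the PC is restarted. Enter the following. Blue text is what you type.
 
 
[root@linux]# chkconfig smb on      ← type this
 
Check the automatic start setting. Enter the following; if the output matches what is shown below, the setting is OK. Blue text is what you type.
 
 
[root@linux]# chkconfig --list smb      ← type this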
 smb 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 
   
   
