Samba
Une configuration minimale
[global] workgroup = ANGRES passdb backend = tdbsam [homes] comment = Répertoire personnel de %u read only = no [monpartage] comment = Description longue de mon partage read only = no path = /srv/samba/monpartage
Noter qu'un partage partage est read only
par défaut, d'où la nécessité de le désactiver.
Le passbd backend
implicite est smbpasswd
qui ne permet pas de stocker tous les champs utilisateurs (durée de validité, etc.), on utilise donc tdbsam
d'office pour ne pas avoir de surprises par la suite.
Créer un dossier partagé
cd /srv/samba/groups mkdir nom_du_partage chmod o= nom_du_partage chmod g=rwxs nom_du_partage chgrp nom_du_partage nom_du_partage
Puis modifier le fichier de configuration de Samba
/etc/samba/smb.conf
:
[nom_du_partage] comment = Répertoire pour ... force group = nom_du_partage path = /srv/samba/groups/nom_du_partage valid users = @nom_du_partage read only = no create mask = 0660 directory mask = 0770
On teste la configuration avec:
testparm
On relance le serveur de fichiers:
/etc/init.d/samba restart
Noter l'astuce pour forcer le bon groupe dans les répertoires partagés:
[qualite] ... force group = +qualite ... [prod] ... force group = +prod
Conserver la compatibilité avec MS Woe9X et WoeMe
La nouvelle version dans Debian Lenny (3.2.5) désactive implicitement les vieux clients, ce qui a également pour conséquence d'EFFACER tous les mots de passe dans l'ancien format. Il faut donc - AVANT de mettre à jour - rajouter ceci dans la configuration:
lanman auth = yes client plaintext auth = yes client lanman auth = yes
Pour plus d'information, cf. /usr/share/doc/samba/NEWS.Debian.gz:
samba (3.0.27a-2) unstable; urgency=low * Weak authentication methods are disabled by default Beginning with this version, plaintext authentication is disabled for clients and lanman authentication is disabled for both clients and servers. Lanman authentication is not needed for Windows NT/2000/XP/Vista, Mac OS X or Samba, but if you still have Windows 95/98/ME clients (or servers) you may need to set lanman auth (or client lanman auth) to yes in your smb.conf. The "lanman auth = no" setting will also cause lanman password hashes to be deleted from smbpasswd and prevent new ones from being written, so that these can't be subjected to brute-force password attacks. This means that re-enabling lanman auth after it has been disabled is more difficult; it is therefore advisable that you re-enable the option as soon as possible if you think you will need to support Win9x clients. Client support for plaintext passwords is not needed for recent Windows servers, and in fact this behavior change makes the Samba client behave in a manner consistent with all Windows clients later than Windows 98. However, if you need to connect to a Samba server that does not have encrypted password support enabled, or to another server that does not support NTLM authentication, you will need to set "client plaintext auth = yes" and "client lanman auth = yes" in smb.conf. -- Steve Langasek <vorlon@debian.org> Sat, 24 Nov 2007 00:23:37 -0800
Voir aussi
Liens
- Gestion des utilisateurs, groupes, permissions: concepts d'utilisateurs et de groupes sous Unix et Windows, et correspondances.