Sunday, June 4, 2017

Bulletproof samba configuration.

We all know, that sometimes it could be such a pain to get samba working. Here's configuration example that works for sure.

Let's say we want user marco to access /srv/storage and to name share stg (full url will be: ///stg )


At first you need to create system user like:
useradd -d /srv/storage -s /bin/false marco

Then we need to add this user to samba with:
smbpasswd -a marco

Now we move initial /etc/smb.conf somewhere else and fill empty one with:
/!\ WARNING! This config is bound to eno1 ethernet interface.
[global] 
# Standard config options
workgroup                    = WORKGROUP
server string                = Force is with you, young padavan!
interfaces                   = 127.0.0.0/8 eno1
bind interfaces only         = yes
log file                     = /var/log/samba/log.%m      max log size              = 1000
panic action                 = /usr/share/samba/panic-action %d
# Extra options   # AUTH
unix charset                 = UTF8
dos charset                  = 866#
domain master               = yes#
prefered master             = yes
os level                     = 77
guest account                = fj
hostname lookups             = no
netbios name                 = nvr
preserve case                = yes
short preserve case          = no
time server                  = yes
unix extensions              = no
load printers                = no
printing = bsd   printcap name = /dev/null
include = /etc/samba/stg.conf


now we should create /etc/samba/stg.conf and fill with:

[stg]
valid users             = marcocase sensitive          = auto
default case            = lower
browsable               = yes
comment                 = Everything is stashed here
create mask             = 0644
  force create mode     = 0664
directory mask          = 0775
  force directory mode  = 0775
dont descend            = /proc,/dev,/etc,/sys,/opt,/1_sys
guest ok                = no
hide dot files          = yes
hide special files      = yes
hide unreadable         = no
#hosts allow             = 192.168.1.
inherit owner           = yes
inherit permissions     = no
path                    = /srv/storage  
read only               = no
use sendfile            = yes
follow symlinks         = yes
wide links              = yes

afterwards you can type testparm and see if there are any errors. 

Babbling about "rlimit_max" is perfectly normal.

p.s. hate this crippled wysiwyg editor!

No comments:

VIM cheat sheet

Basic basics :) i - start editing, current symbol a - start editing, next symbol Esc - stop editing :w - write to disk :w <filename> -...