WARNING: The "syslog" option is deprecated Unable to initialize messaging context
logging = syslog
WARNING: The "syslog" option is deprecated
Unable to initialize messaging context
WARNING: The "syslog" option is deprecated
do_connect: Connection to nothing.atThis.IP.address failed (Error NT_STATUS_HOST_UNREACHABLE)
logging = syslog
line of /etc/samba/smb.conf
logging
logging = syslog
Flag | Usage |
---|---|
-s --suppress-prompt | testparm is designed to be run interactively and expects Enter to be pressed after displaying the first diagnosis page. This flag suppresses that prompt and allows the utility to be run non-interactively. |
[global]
section :
log level = logLevel
With logLevel :
logLevel | Usage |
---|---|
0 | (default) only critical errors and serious warnings will be logged |
1 | reasonable level for day-to-day running : it generates a small amount of information about operations carried out |
2, 3 | will generate considerable amounts of log data, and should only be used when investigating a problem |
4-10 | these levels are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic |
5 processes are in enforce mode.
   /usr/sbin/smbd (830) smbd
   /usr/sbin/smbd (833) smbd
   /usr/sbin/smbd (834) smbd
   /usr/sbin/smbd (835) smbd
   /usr/sbin/smbd (3393) smbd
for i in $(grep logfiles /etc/apparmor/logprof.conf | cut -d '=' -f 2); do [ -e "$i" ] && grep -iq 'apparmor' "$i" && echo "'$i' matches"; done
'/var/log/syslog' matches
'/var/log/messages' matches
apparmor "$i" | tail -10 | md5sum; done
9f03bd8f908cbe44f3e078c95a259be4  -
9f03bd8f908cbe44f3e078c95a259be4  -
Nope, so let's focus on /var/log/messages only, then.
apparmor
Aug 27 11:23:02 localhost kernel: [ 9180.681476] audit: type=1400 audit(1566897782.433:2083): apparmor="DENIED" operation="open" profile="smbd" name="/target/of/symlink/on/usb/drive" pid=3393 comm="smbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
profile smbd' /etc/apparmor*
/etc/apparmor.d/usr.sbin.smbd:profile smbd /usr/{bin,sbin}/smbd flags=(complain) {
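The audit line above can be taken apart field by field to see which profile blocked which path and with which permission. This is an added example, not part of the original notes: the second and third log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Line 1 is the denial quoted on this page; lines 2-3 are constructed for the example.
SAMPLE_LOG = """\
Aug 27 11:23:02 localhost kernel: [ 9180.681476] audit: type=1400 audit(1566897782.433:2083): apparmor="DENIED" operation="open" profile="smbd" name="/target/of/symlink/on/usb/drive" pid=3393 comm="smbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 27 11:24:10 localhost kernel: [ 9248.112233] audit: type=1400 audit(1566897850.101:2090): apparmor="DENIED" operation="open" profile="smbd" name="/target/of/symlink/on/usb/drive" pid=3393 comm="smbd" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Aug 27 11:30:41 localhost kernel: [ 9639.500000] audit: type=1400 audit(1566898241.000:2101): apparmor="ALLOWED" operation="open" profile="smbd" name="/some/other/path" pid=3393 comm="smbd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
"""
# key=value pairs; values are either double-quoted or a bare token
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(log_text):
    """Yield one dict of audit fields per AppArmor (type=1400) line."""
    for line in log_text.splitlines():
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") == "1400" and "apparmor" in fields:
            yield fields


def summarize(log_text):
    """Merge events into {(verdict, profile, path): sorted permission letters}."""
    masks = defaultdict(set)
    for ev in parse_events(log_text):
        key = (ev["apparmor"], ev.get("profile", "?"), ev.get("name", "?"))
        masks[key].update(ev.get("denied_mask", ""))
    return {key: "".join(sorted(m)) for key, m in masks.items()}


def candidate_rules(log_text, profile):
    """Profile lines to review (not apply blindly) for paths the profile blocked."""
    return [f"  {path} {mask},"
            for (verdict, prof, path), mask in sorted(summarize(log_text).items())
            if verdict == "DENIED" and prof == profile]


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG, "smbd"):
        print(rule)
```

A profile in complain mode, like the `flags=(complain)` one shown above, logs the same events with `apparmor="ALLOWED"`, which is why the verdict is kept as part of the key.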
[global]
min protocol = SMB2
client min protocol = SMB2
Depending on Samba version (/usr/sbin/samba --version, or dpkg -l samba) and Windows version, see :
Failed to restart samba.service: Unit samba.service is masked.
[global]
allow insecure wide links = yes
unix extensions = no
[myShare]
path = /path/to/sharedDir
wide links = yes
L : local
R : remote
2 : "to"
1 : enable
Les liens symboliques local à local sont activés
Les liens symboliques local à distant sont activés.
Les liens symboliques distant à local sont activés.
Les liens symboliques distant à distant sont activés.
workaround : as root : mount --bind /directory/to/effectively/share /directory/shared/by/samba
Flag | Default value | Level | Usage |
---|---|---|---|
allow insecure wide links | No | global | see wide links and unix extensions |
create mask | 0744 | service | default permissions for new files |
directory mask | 0755 | service | default permissions for new directories |
browseable | Yes | service | |
follow symlinks | Yes | service | (pretty explicit) |
force user | (empty) | service | |
guest ok | No | service | when set to yes, no password is required to connect to the share. Privileges will be those of the guest account. |
hosts allow | (empty) = none | | |
log file | (no default value) | global | |
logging | (empty) | global | |
path | (empty) | service | directory to which the user of the service is to be given access |
read only | Yes | service | |
unix extensions | Yes | global | |
wide links | No | service | |
writable | No | service | see read only |
Share Definitions sections of the configuration file (details).
[global] section only
service section or in the [global] section. When used in the [global] section, the parameter value applies to all services.
# (explicit)
follow symlinks = yes
# allows following symlinks outside of the shared directory
wide links = yes
# related to uid/gid between server and client, but also collides with 'wide links' above when enabled
unix extensions = no
option = value # this is a comment DON'T DO THAT !!!
hosts allow = myLaptop DON'T DO THAT !!!
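A small audit pass over smb.conf makes the interactions described above visible: inline comments swallowed into values, `wide links` versus `unix extensions`, and `guest ok`. This is an added example, not part of the original notes: the sample configuration is constructed from settings shown on this page, the function names are hypothetical, and backslash line continuations are assumed absent.

```python
import configparser

# Constructed sample combining settings shown on this page (not a real host's file).
SAMPLE_CONF = """
[global]
    allow insecure wide links = yes
    unix extensions = no
    log level = 3 # temporary

[myShare]
    path = /path/to/sharedDir
    wide links = yes
    guest ok = yes
"""
YES = {"yes", "true", "1"}

def load(text):
    """Parse smb.conf text into {section: {option: value}}, names normalized."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    # Strip indentation so configparser does not read options as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    # Samba ignores case in names and whitespace inside parameter names.
    return {s.strip().lower(): {"".join(k.split()): v.strip() for k, v in cp.items(s)}
            for s in cp.sections()}

def on(opts, name, default):
    return opts.get(name, default).lower() in YES

def audit(text):
    """Return (section, finding) pairs for the settings discussed above."""
    conf = load(text)
    glob = conf.get("global", {})
    insecure = on(glob, "allowinsecurewidelinks", "no")
    findings = []
    for section, opts in conf.items():
        for name, value in opts.items():
            if " #" in value or " ;" in value:
                findings.append((section, f"{name}: inline comment is read as part of the value"))
        if section == "global":
            if insecure:
                findings.append((section, "allow insecure wide links is enabled"))
            continue
        merged = {**glob, **opts}  # [global] values are the share defaults
        if on(merged, "widelinks", "no"):
            if on(glob, "unixextensions", "yes") and not insecure:
                findings.append((section, "wide links is set but disabled by unix extensions"))
            else:
                findings.append((section, "wide links: symlinks may resolve outside path"))
        if on(merged, "guestok", "no"):
            findings.append((section, "guest ok: no password required"))
    return findings
```

Calling `audit(SAMPLE_CONF)` returns four findings, two for `[global]` and two for the share; an empty list means none of these settings were found.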
Found this in old notes, not sure this is still true / useful :
If you just want to set up a network share with no special permissions (easiest but lowest security level), you just have to
- switch from security = user to security = share
- "chmod 777" the shared directory
Version 4.5.12-Debian
[global]
hosts allow = 192.168.56.1
interfaces = eth0
bind interfaces only = yes
Share Definitions
section
That's about it for a functional means to share files. The only "security" feature here is that it only allows 1 host, identified by its IP address. This is VERY POOR and only suited for temporary configuration, like while debugging other stuff !!!
[myShare]
force user = kevin
create mask = 0700
directory mask = 0700
Action | Linux | FreeBSD |
---|---|---|
setup | apt install samba | Samba is available in the FreeBSD ports at /usr/ports/net/samba. A simple make install + make clean and it should work. |
configuration file | /etc/samba/smb.conf | /usr/local/etc/smb.conf |
check configuration | testparm | /usr/local/bin/testparm -s |
start / stop / restart / status commands | systemctl start/stop/restart/status smbd.service | |
Logs | 1 file per client machine : /var/log/samba/log.sambaClient | |
Command | Effect | Comment |
---|---|---|
smbpasswd -a bob | add a Samba user account for Bob | user added in the Samba password file |
smbpasswd -d bob | disable Bob's Samba account | adds a D to the account flags in the Samba password file |
smbpasswd -e bob | enable Bob's Samba account | removes the D from the account flags |
smbpasswd -x bob | delete Bob's Samba account | or edit the password file and kill the matching line |
Bob must have his own Linux account on the machine running Samba (How to proceed).
To find where passwords are stored :
Plaintext files like /etc/samba/smbpasswd or /etc/smbpasswd are now obsolete (source)
Samba is based on the Microsoft SMB protocol for sharing files and printers. It seems that, historically, because the FATxx filesystems limited file size, SMB inherited the same limitation. As a result, Unix clients sometimes can't use some of these large files through Samba.
To work around this, the lfs option should be used in the mount options :