Samba can also act as a Windows domain controller. This is an outstanding tool for ensuring seamless integration of Linux servers and the office desktop machines still running Windows.
The samba package contains the main two servers of Samba 4, and nmbd.
DOCUMENTATION Going further
The Samba server is extremely configurable and versatile, and can address a great many different use cases matching very different requirements and network architectures. This book only focuses on the use case where Samba is used as a standalone server, but it can also be an NT4 Domain Controller or a full Active Directory Domain Controller, or a simple member of an existing domain (which could be managed by a Windows server).
The samba-doc package contains a wealth of commented example files in /usr/share/doc/samba-doc/examples/.
TOOL Authenticating with a Windows Server
Winbind gives system administrators the option of using a Windows server as an authentication server. Winbind also integrates cleanly with PAM and NSS. This allows setting up Linux machines where all users of a Windows domain automatically get an account.
More information can be found in the /usr/share/doc/samba-doc/examples/pam_winbind/ directory.
11.5.1.1. Configuring with debconf
The package sets up a minimal configuration during the initial installation but you should really run dpkg-reconfigure samba-common to adapt it:
The first piece of required information is the name of the workgroup where the Samba server will belong (the answer is FALCOTNET in our case).
The package also proposes identifying the WINS server from the information provided by the DHCP daemon. The Falcot Corp administrators rejected this option, since they intend to use the Samba server itself as the WINS server.
11.5.1.2. Configuring Manually
11.5.1.2.1. Changes to smb.conf
11.5.1.2.2. Adding Users
Each Samba user needs an account on the server; the Unix accounts must be created first, then the user needs to be registered in Samba’s database. The Unix step is done quite normally (using for instance).
Adding an existing user to the Samba database is a matter of running the smbpasswd -a *user* command; this command asks for the password interactively.
A user can be deleted with the smbpasswd -x *user* command. A Samba account can also be temporarily disabled (with smbpasswd -d *user*) and re-enabled later (with smbpasswd -e *user*).
11.5.2. Samba Client
The client features in Samba allow a Linux machine to access Windows shares and shared printers. The required programs are available in the cifs-utils and smbclient packages.
11.5.2.1. The smbclient Program
The smbclient program queries SMB servers. It accepts a -U *user* option, for connecting to the server under a specific identity. smbclient //*server*/*share* accesses the share in an interactive way similar to the command-line FTP client. lists all available (and visible) shares on a server.
11.5.2.2. Mounting Windows Shares
The mount command allows mounting a Windows share into the Linux filesystem hierarchy (with the help of mount.cifs provided by cifs-utils).
Example 11.24. Mounting a Windows share
The /etc/smb-credentials file (which must not be readable by users) has the following format:
Other options can be specified on the command-line; their full list is available in the mount.cifs(1) manual page. Two options in particular can be interesting: uid and gid allow forcing the owner and group of files available on the mount, so as not to restrict access to root.
Unmounting a SMB/CIFS share is done with the standard umount command.
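The requirement that the credentials file must not be readable by users can be checked before mounting. The following is an added example, not taken from the book: the function name is hypothetical, and the username= and password= key names are assumed from the mount.cifs manual page rather than from the listing above.

```shell
#!/bin/sh
# Added example: audit a mount.cifs credentials file before using it.
# Assumption: the file holds key=value lines named username= and password=,
# as described in the mount.cifs manual page.

# check_cifs_credentials FILE
# Returns 0 if FILE passes the checks, otherwise prints the reason on
# stderr and returns 1.
check_cifs_credentials() {
    f=$1
    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    # Octal permission bits, e.g. 600 (GNU stat, as shipped in Debian).
    mode=$(stat -c '%a' "$f") || return 1
    # Any group/other bit means local users may reach the password.
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "$f: mode $mode is accessible to group/other; use chmod 600" >&2
        return 1
    fi
    # This check expects both entries at the start of a line.
    for key in username password; do
        if ! grep -q "^${key}=" "$f"; then
            echo "$f: missing ${key}= line" >&2
            return 1
        fi
    done
    return 0
}
```

Call it as check_cifs_credentials /etc/smb-credentials and only run mount when it returns 0.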
11.5.2.3. Printing on a Shared Printer
CUPS is an elegant solution for printing from a Linux workstation to a printer shared by a Windows machine. When smbclient is installed, CUPS allows installing Windows shared printers automatically.
Here are the required steps:
Click on “Add Printer”.
Choose the printer device, pick “Windows Printer via SAMBA”.
Enter the connection URI for the network printer. It should look like the following: smb://*user*:*password*@*server*/*printer*.
Enter the name that will uniquely identify this printer. Then enter the description and location of the printer. Those are the strings that will be shown to end users to help them identify the printers.
Voilà, the printer is operational!