This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
fuss:samba [2015/06/02 03:40] – [Increase Compatibility with OSX] office | fuss:samba [2017/02/22 18:30] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Faster Speed without Risks ====== | ||
+ | |||
+ | Add to ''/ | ||
+ | |||
+ | < | ||
+ | [global] | ||
+ | socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY IPTOS_LOWDELAY | ||
+ | use sendfile = true | ||
+ | max xmit = 65535 | ||
+ | max connections = 65535 | ||
+ | max open files = 65535 | ||
+ | min receivefile size = 16384 | ||
+ | aio read size = 16384 | ||
+ | aio write size = 16384 | ||
+ | read raw = yes | ||
+ | write raw = yes | ||
+ | getwd cache = yes | ||
+ | dead time = 15 | ||
+ | kernel oplocks = yes | ||
+ | </ | ||
+ | |||
+ | ====== Force User and Group ====== | ||
+ | |||
+ | Given a development share, where files are added by multiple accessing users, it would be helpful if that share would create the files on the server using a single user and group. This can be accomplished per-share with the following two options: | ||
+ | |||
+ | < | ||
+ | [devel] | ||
+ | ... | ||
+ | force user = development | ||
+ | force group = development | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | Note that this setting in Samba is stronger rather than setting the sticky group bit on the parent directory because samba //will also maintain the user ownership// | ||
+ | |||
+ | ====== Setting Permissions on Files and Directories ====== | ||
+ | |||
+ | None of the documentation provided by samba helps, instructions are given how '' | ||
+ | |||
+ | This can be accomplied per-share using the following (excessive) options((Kudos to [[http:// | ||
+ | |||
+ | < | ||
+ | [devel] | ||
+ | ... | ||
+ | ; newly created files will have 660 (rw-rw----) | ||
+ | create mask = 660 | ||
+ | force create mode = 660 | ||
+ | security mask = 660 | ||
+ | force security mode = 660 | ||
+ | ; newly created directories will have 0770 (rwxrwx---) | ||
+ | directory mask = 0770 | ||
+ | force directory mode = 0770 | ||
+ | directory security mask = 0770 | ||
+ | force directory security mode = 0770 | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | which would be suitable in combination with the previous fuss - for example: | ||
+ | |||
+ | < | ||
+ | [devel] | ||
+ | ; all files and directories created in the share | ||
+ | ; will be owned by the development user and the | ||
+ | ; development group from passwd / groups | ||
+ | force user = development | ||
+ | force group = development | ||
+ | ; newly created files will have 660 (rw-rw----) | ||
+ | create mask = 660 | ||
+ | force create mode = 660 | ||
+ | security mask = 660 | ||
+ | force security mode = 660 | ||
+ | ; newly created directories will have 0770 (rwxrwx---) | ||
+ | directory mask = 0770 | ||
+ | force directory mode = 0770 | ||
+ | directory security mask = 0770 | ||
+ | force directory security mode = 0770 | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | The reason to do this is that the directories and files on the server, created through samba will then only be accessible to the '' | ||
+ | |||
+ | <WRAP box round> | ||
+ | {{: | ||
+ | < | ||
+ | set file permissions = ... | ||
+ | set directory permissions = ... | ||
+ | </ | ||
+ | that would summarise 8 lines of configuration to just 2 lines! | ||
+ | </ | ||
+ | |||
+ | ====== Increase Compatibility with OSX ====== | ||
+ | |||
+ | Disabling UNIX extensions ('' | ||
+ | |||
+ | < | ||
+ | [global] | ||
+ | # Better compatibility with OSX | ||
+ | unix extensions = no | ||
+ | max protocol = NT1 | ||
+ | min protocol = NT1 | ||
+ | </ | ||
+ | |||
+ | ====== Mounting Shares from Linux ====== | ||
+ | |||
+ | Samba version 4.x provides multiple authentication mechanisms which can be chosen as an option '' | ||
+ | |||
+ | ^ '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | |||
+ | In case you get the following mount-errors (retrieved via '' | ||
+ | < | ||
+ | [196525.842930] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE | ||
+ | [196525.842942] CIFS VFS: Send error in SessSetup = -13 | ||
+ | [196525.843076] CIFS VFS: cifs_mount failed w/return code = -13 | ||
+ | </ | ||
+ | |||
+ | for example, when trying to mount an Apple TimeCapsule share, then most likely the authentication mechanism was not well chosen. | ||
+ | |||
+ | For an Apple TimeCapsule, | ||
+ | <code bash> | ||
+ | mount -t cifs // | ||
+ | </ | ||
+ | |||
+ | ====== Enable Synchronization between Shadow and Samba Passwords ====== | ||
+ | |||
+ | To enable the synchronization between shadow and Samba passwords install the '' | ||
+ | <code bash> | ||
+ | aptitude install libpam-smbpass | ||
+ | </ | ||
+ | |||
+ | and copy ''/ | ||
+ | |||
+ | In ''/ | ||
+ | < | ||
+ | obey pam restrictions = yes | ||
+ | unix password sync = yes | ||
+ | passwd program = / | ||
+ | passwd chat = *Enter\snew\s*\spassword: | ||
+ | pam password change = yes | ||
+ | </ | ||