====== Samba mit tdbsam ======


**1.) Installieren von Samba**
<code>
apt-get install libcups2 samba samba-common
</code>

----

**2.) Anpassen der smb.conf**
<code>
[global]
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
max log size = 1000

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d


####### Authentication #######
security = user
encrypt passwords = true
passdb backend = tdbsam

obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user

[allusers]
  comment = All Users
  path = /home/shares/allusers
  valid users = @share
  force group = share
  create mask = 0660
  directory mask = 0771
  writable = yes

[homes]
   comment = Home Directories
   browseable = no
   valid users = %S
   writable = yes
   create mask = 0700
   directory mask = 0700
</code>

----

**3.) Samba neu starten**
<code>
/etc/init.d/smbd restart
</code>

----

**4.) Gruppe und User anlegen**

Ich verwende gerne eine eigene Gruppe für alle User die per Samba Zugriff haben. Dies muss aber nicht sein. Die Gruppe nenne ich share (ist auch oben in der smb.conf zu sehen bei valid users)
<code>
groupadd share
useradd tom -m -G users,share
passwd tom
smbpasswd -a tom
</code>

----

**5.) Verzeichnis anlegen und Rechte setzten**
<code>
mkdir -p /home/shares/allusers
chown -R root:share /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/alluser
</code>

Danach sollte man sich schon mit dem User Tom anmelden können.

----

----

===== Beispiel vom Rechner "Bender" der zwei User auf einen Share hat. Der eine hat RW der anderen nur RO... =====


**1.) User anlegen und Berechtigungen vergeben**
<code>
groupadd sambaro
useradd -G users,sambaro -M -s /bin/false muh
smbpasswd -a muh
smbpasswd -a stone
chown -R stone:sambaro /mnt/storage/*
chmod -R 0750 /mnt/storage/*
</code>

----

**2.) Das hier ist die Samba-Config dazu**
<code>
[global]
workgroup = Storage
server string = %h server (Samba)
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
max log size = 1000

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d


####### Authentication #######
security = user
encrypt passwords = true
passdb backend = tdbsam

obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user

[Daten]
        comment = Storage Daten Share
        path = /mnt/storage/Daten/
        readonly = yes
        valid users = stone muh
        write list = stone
        force user = stone
        force group = sambaro
        create mask = 0750
        directory mask = 0750
</code>

User stone wurde schon beim installieren des Systems angelegt. Dieser hat RW-Rechte. Der User muh hat nur RO-Rechte.