【转】在ubuntu上建立samba服务器并通过外网访问

转载自:

http://www.zeitoun.net/articles/samba-over-internet/start

https://www.linux.com/learn/tutorials/296391-easy-samba-setup

首先是在ubuntu上假设samba服务器

If you are either a power home user or you are in a business environment, you know the importance of machines being able to see one another. Recently I did an article about this very topic (“Sharing Files  & Folders Between Linux, Mac, and Windows“) which skimmed this topic, showing how simple it is to allow these different operating systems to see one another – with the help of Samba. But that article didn’t dig too deeply into Samba itself. That article was more of a “let’s see how we can do this quickly and easily” tutorial.

 

This time around I’ll focus more on Samba and how it is installed and configured to allow for the sharing of files and folders. For this article, we will look at the smb.conf configuration file and how it is set up and how to create new shares and even share printers. You will be using a text editor and a few commands. So get your fingers ready to type.

Installation

Installing Samba is really quite simple. Since we are going to be dealing with the command line, let’s install Samba in the same way. So open up your favorite terminal window and prepare to install.

All of the installation commands will be issued as either the root use or by using the sudo command Whether you use su or sudo will depend upon which distribution you are using. If you are using Fedora (or a Fedora-like distribution), you will su to the root user. If you are using Ubuntu (or a Ubuntu-like distribution), you will use sudo.

Within the terminal window, issue the command sudo apt-get install samba smbfs. If you are using Fedora that command would be yum install samba smbfs. Once Samba is installed, it is time to start configuring.

Configuration

There is only one file you need concern yourself with – /etc/samba/smb.conf. Out of the box, this file might be rather daunting. I always like to start from scratch, so I do the following (from command line):

  1. sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
  2. sudo rm /etc/samba/smb.conf
  3. sudo touch /etc/samba/smb.conf

The above simply makes a backup of the smb.conf file, removes the original, and then creates a new, empty smb.conf file.

Before we actually begin creating our smb.conf file, let’s take a look at how this file is structured. The smb.conf file is broken down in to sections, with each section beginning with [NAME] (Where NAME is the name of the section). Typical sections are:

  • [global] – This is the section that contains configuration options used in all sections.
  • [share] – This section will define a share name.
  • [printers] – This section will define a shared printer.

Within each section will be directives that define various aspects of a configuration. Let’s take a look at a minimal (but useful) smb.conf file.

[global]

netbios name = NETBIOS_NAME

workgroup = WORKGROUP

security = user

encrypt passwords = yes

smb passwd file = /etc/samba/smbpasswd

interfaces = 192.168.1.1/8

[SHARE_NAME]

comment = COMMENT

path = /PATH/TO/SHARE

writeable = yes

create mask = 0770

force create mode = 0770

locking = yes


[printers]

comment = COMMENT

path = /var/spool/samba

guest ok = Yes

printable = Yes

use client driver = Yes

browseable = No

NOTE: Everything in bold is system specific.

There are a few things we must touch on with the above configuration. Let’s go line-by-line as needed (many of the lines should be self-explanatory).

security = user: This line defines the method of authentication Samba will use. I have always found user to be the most reliable. Samba has five different methods:

  • user: Each user will have an account on the machine hosting Samba.
  • server: This mode is not used anymore – it defines an external authentication server.
  • ADS: Active Directory mode.
  • Domain: This type is a centrally located account which is shared between domain controllers.
  • share: Clients will authenticate against a particular share on the Samba server.

interfaces = 192.168.1.1/8: This line will dictate the addresses that are allowed to connect to your shares. This will be specified by your network topology.

create mask = 0770/force create mode = 0770: These lines dictate the permissions given to anything created, by users, within the share. In this case the clients will get read/write access to all files except those belonging to “other.” Without these lines, clients will have trouble creating files/folders in the share.

locking = yes: This is critical when sharing folders as it will create a lock file for any open file. When a file has an associated lock file other users can not open that file for writing. This prevents users from overwriting changes at the same time, causing file corruption.

use client driver = Yes: This line dictates that Samba is not required to share out drivers for clients. If you are on a larger network then you might want to share out drivers. Otherwise the drivers for the shared printer will have to be installed on the client machines.

Once you have that file created, save it and then restart Samba (with a command like sudo /etc/init.d/samba restart). Of course you’re not done yet.

Adding Users

If you do not add users to your Samba installation, those users will not be able to authenticate, which will keep them from browing/using the shares. In order to add a user you have to issue two commands:

sudo smbpasswd -L -a USERNAME

and

sudo smbpasswd -L -e USERNAME

Where USERNAME is the actual username on the system.

The first command will add the user and a password for the user (you will be prompted to enter the new user password after you enter the command). The second command enables the user for Samba.

Now your users are ready to authenticate and use Samba. You can go back to the original article I mentioned (at the beginning of this tutorial) to see how to connect to the server from both Mac and Windows.

Printers

A note about printers. In some instances Samba will not add the /var/spool/samba directory that is used for printer spooling. Check to see if this exists with the command ls /var/spool/If you see samba there, you are good to go. If not, issue the following commands:

sudo mkdir /var/spool/samba

sudo chmod 777 /var/spool/samba

That should do it. Make sure the printer you wish to share actually works on the local Linux machine and it should be shared out and ready to go for your clients.

Final Thoughts

Samba is not as difficult to set up as most assume. In fact, once you get the hang of it you will find it easier to share out files and folders with Samba than it is with any other operating system.

然后在路由器上配置端口转发

Suppose you have a “Network Attached Storage” (NAS) on your local network area that is configured with a samba server to access the data. I personnaly have a “D-Link DNS-323″ which has a samba server. You would like to access the NAS’s data from Internet. You’ll have to configure your firewall to redirect the Samba ports.

Here is the ports needed by Samba :

port nom du service protocole
137 NetBIOS Name Service (nbname) UDP
138 NetBIOS Datagram Service (nbdatagram) UDP
139 NetBIOS Session Service (nbsession) TCP
445 “Direct-Hosted” TCP TCP et UDP

Just create NAT rules on your firewall and you will be able to access your samba server from Internet. Here is a NAT example on free.fr network provider : (192.168.0.99 is my NAS ip on my local network)

此条目发表在 服务器 分类目录,贴了 , 标签。将固定链接加入收藏夹。

发表评论

电子邮件地址不会被公开。 必填项已用*标注

您可以使用这些HTML标签和属性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>