How to install and configure Samba Server with FULL AUDIT on Ubuntu (Server) 14.04 LTS Step-by-Step

This guide explains how to configure a Samba server on Ubuntu 14.04 with anonymous & secured Samba servers. Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients. I’ll be logged in as root.

Step 1 – Update repositories.
root@mail:/# apt-get update
root@mail:/# apt-get upgrade
Step 2 – Install samba.
root@mail:/# apt-get install samba
Step 3 – Back up the config file.
root@mail:/# cp /etc/samba/smb.conf /etc/samba/smb.conf.backup

Main Configuration

Step 4 – Open config file.
root@mail:/# nano /etc/samba/smb.conf
Step 5 – Configuration of Samba server.
1 – [global] – The rules defined here apply to all shared folders.
2 – follow symlinks = yes // allow using shortcuts (symbolic links)
3 – unix extensions = no // disable UNIX extensions
4 – [ftp] // name of the share
5 – path = /srv/samba/ftp // path of the share
6 – create mask = 0775
   – force create mode = 0775
   – directory mask = 0775
   – force directory mode = 0775
// These are the permissions that will be used when files and folders are created. This way the files and folders can be edited only by the users of the particular group. If you want these files and folders to be editable by all users, you have to change the permissions to 777.
7 – valid users
   – write list = mslavov // The users who will have permission to write in this directory
8 – [yoursharedfolder]
   – comment = yoursharedfolder
   – path = /srv/samba/yoursharedfolder
// If you want to create your own shared folder, just replace the folder names with your own and add the rules you want for your folder.
This is my config file.

[global]
   follow symlinks = yes
   wide links = yes
   unix extensions = no

[ftp]
   comment = ftp
   path = /srv/samba/ftp
   browseable = yes
   valid users = mslavov, YOURUSER, test, test1
   write list = mslavov, YOURUSER, test, test1
   create mask = 0775
   force create mode = 0775
   public = no
   guest only = no
   directory mask = 0775
   force directory mode = 0775
   store dos attributes = Yes
   hide unreadable = yes
   hide files = /examples.desktop

[yoursharedfolder]
   comment = yoursharedfolder
   path = /srv/samba/yoursharedfolder

Step 6 – Add the users to the Samba server, then add each user to the particular folder in the config file /etc/samba/smb.conf. After that you must restart the Samba service.
root@mail:/# smbpasswd -a youruser
Step 7 – Now you must restart the Samba service.
root@mail:/# restart nmbd
root@mail:/# restart smbd
Step 8 – Create the folder for your share and give it full rights.
root@mail:/# mkdir -p /srv/samba/ftp
root@mail:/# chmod 777 /srv/samba/ftp
Step 9 – Add the shared folder on Windows. My Computer -> Map network drive -> \\<IP address of Samba server>\<name of your shared folder> -> enter your Samba user and password.

Advanced Configuration

In this part I will show you how to configure .
Step 10 – Open the config file with nano /etc/samba/smb.conf and add the following lines:
   vfs objects = full_audit
   full_audit:success = mkdir rmdir read pread write pwrite rename unlink
   full_audit:prefix = %u|%I|%m|%S
   full_audit:failure = none
   full_audit:facility = local5
   full_audit:priority = notice
   recycle:repository = /home/recycle/
   recycle:keeptree = yes
   recycle:versions = yes
   log file = /var/log/samba/samba.log
You can add more attributes, but I strongly recommend adding only these: mkdir rename unlink rmdir write. These are the other attributes for full_audit:success:
   connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir lock symlink
After this your file will look like:
[ftp]
   comment = ftp
   path = /srv/samba/ftp
   browseable = yes
   valid users = mslavov, YOURUSER, test, test1
   write list = mslavov, YOURUSER, test, test1
   create mask = 0775
   force create mode = 0775
   public = no
   guest only = no
   directory mask = 0775
   force directory mode = 0775
   store dos attributes = Yes
   hide unreadable = yes
   hide files = /examples.desktop
   vfs objects = full_audit
   full_audit:success = mkdir rmdir read pread write pwrite rename unlink
   full_audit:prefix = %u|%I|%m|%S
   #full_audit:failure = none
   full_audit:failure = connect
   full_audit:facility = local5
   full_audit:priority = notice
   recycle:repository = /home/recycle/
   recycle:keeptree = yes
   recycle:versions = yes
   log file = /var/log/samba/samba.log

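An added check, not part of the original guide, that reads an smb.conf and reports three things visible in the file above: a share with no full_audit in vfs objects, module options such as recycle:* whose module is not listed in vfs objects, and wide links = yes combined with unix extensions = no, which lets smbd follow symlinks that point outside the share path. sample_conf and lint_smb_conf are names chosen here, and the sample is a shortened copy of this guide's config.

```bash
# Constructed sample: a shortened copy of this guide's smb.conf.
sample_conf() {
    cat <<'EOF'
[global]
   wide links = yes
   unix extensions = no
[ftp]
   vfs objects = full_audit
   full_audit:success = mkdir rmdir read pread write pwrite rename unlink
   recycle:repository = /home/recycle/
[yoursharedfolder]
   path = /srv/samba/yoursharedfolder
EOF
}
# lint_smb_conf (hypothetical helper): smb.conf on stdin, one finding per line.
lint_smb_conf() {
    awk '
    function on(v) { return tolower(v) ~ /^(yes|true|1)$/ }
    function close_section(   v, m) {
        if (sec != "" && sec != "global") {
            v = " " (("vfsobjects" in p) ? p["vfsobjects"] : gvfs) " "
            if (!index(v, " full_audit "))
                print "[" sec "] no full_audit in vfs objects: access is not logged"
            for (m in mods) if (!index(v, " " m " "))
                print "[" sec "] " m ":* options ignored: " m " is not in vfs objects"
        }
        if (on(p["widelinks"])) wide = wide " [" sec "]"
        if (sec == "global") { gvfs = p["vfsobjects"]; unixext = p["unixextensions"] }
        split("", p); split("", mods)
    }
    /^[ \t]*([#;]|$)/ { next }                # comments and blank lines
    /^[ \t]*\[/ {                             # section header closes the previous one
        close_section()
        sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (!eq) next    # only the first "=" separates
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)  # names ignore case and spaces
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "vfsobjects") gsub(/[ \t,]+/, " ", val)
        p[key] = val; c = index(key, ":"); if (c) mods[substr(key, 1, c - 1)] = 1
    }
    END {
        close_section()
        if (wide != "" && unixext != "" && !on(unixext))
            print "wide links = yes in" wide " and unix extensions = no: symlinks may resolve outside the share path"
    }'
}
sample_conf | lint_smb_conf
```

On a live server, run lint_smb_conf < /etc/samba/smb.conf; special sections such as [homes] or [printers] are reported like any other share.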
Step 11 – Create the log file for the Samba audit. Open /etc/rsyslog.d/50-default.conf with nano, find the line that starts with *.* and change the section so it looks like this:
auth,authpriv.*                  /var/log/auth.log
*.*;local5,auth,authpriv.none    -/var/log/syslog
local5.notice                    /var/log/samba-audit.log
Step 12 – Create the audit log file and change its owner.
root@mail:/# touch /var/log/samba-audit.log
root@mail:/# chown syslog:adm /var/log/samba-audit.log
Step 13 – Open the file /etc/logrotate.d/samba and add the following lines:
/var/log/samba-audit.log {
    weekly
    missingok
    rotate 7
    postrotate
        reload rsyslog > /dev/null 2>&1 || true
    endscript
    compress
    notifempty
}
Step 14 – Restart rsyslog and the Samba service.
root@mail:/# reboot
Step 15 – Now you can see the audit entries for the test folder for Jun 12.
root@mail:/# cat /var/log/samba-audit.log | grep test | grep "Jun 12"
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|rename|ok|New folder|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|./test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|./test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|open|ok|r|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|create_file|ok|0x100080|file|open|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|open|ok|r|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
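The output above is mostly stat, getxattr and ACL lookups, so here is an added example (not part of the original guide) that reduces the audit log to change operations and failed operations. PREFIX_ORDER, CHANGE_OPS, sample_log and audit_changes are names chosen here; PREFIX_ORDER defaults to the field order visible in the log above and must match your own full_audit:prefix.

```bash
# Added example. Field order of the full_audit:prefix part, as seen in the log above.
PREFIX_ORDER="${PREFIX_ORDER:-user ip share machine}"
# Operations that create, change, move or delete data.
CHANGE_OPS="${CHANGE_OPS:-mkdir rmdir rename unlink write pwrite}"

# Constructed sample: the first two lines are from the guide, the rest are made up.
sample_log() {
    cat <<'EOF'
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|rename|ok|New folder|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:24:10 mail smbd_audit: test1|10.10.11.231|ftp|pc-02|unlink|ok|test/report.doc
Jun 12 16:24:15 mail smbd_audit: test1|10.10.11.231|ftp|pc-02|connect|fail (Permission denied)|ftp
Jun 12 16:24:20 mail cron[812]: unrelated syslog line
EOF
}

# audit_changes: syslog lines on stdin -> TAB-separated records
# (time, user, ip, share, op, result, args) for change operations and failures.
audit_changes() {
    awk -v order="$PREFIX_ORDER" -v ops="$CHANGE_OPS" '
    BEGIN {
        OFS = "\t"
        n = split(order, name, " "); for (i = 1; i <= n; i++) pos[name[i]] = i
        m = split(ops, o, " ");      for (i = 1; i <= m; i++) want[o[i]] = 1
    }
    {
        tag = index($0, "smbd_audit: ")
        if (!tag) next                          # not a full_audit line
        stamp = substr($0, 1, tag - 1)
        sub(/ [^ ]+ $/, "", stamp)              # drop hostname, keep the time
        k = split(substr($0, tag + 12), f, "|")
        if (k < n + 2) next                     # truncated line
        op = f[n + 1]; result = f[n + 2]
        if (!(op in want) && result == "ok") next
        args = f[n + 3]                         # args may contain spaces and "|"
        for (i = n + 4; i <= k; i++) args = args "|" f[i]
        print stamp, f[pos["user"]], f[pos["ip"]], f[pos["share"]], op, result, args
    }'
}

sample_log | audit_changes
```

On a live server, run audit_changes < /var/log/samba-audit.log, and set PREFIX_ORDER="user ip machine share" if your log follows the %u|%I|%m|%S prefix from the config.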