- Samba3 by Example
- Samba3 How to
- Server Message Block
- CIFSD - in-kernel CIFS/SMB server
- Wikipedia Samba
guest ok = yes
smbclient //127.0.0.1/public -U guest
- 137 netbios-ns NETBIOS Name Service
- 138 netbios-dgm NETBIOS Datagram Service
- 139/udp/tcp netbios-ssn NETBIOS Session Service
- 445/tcp NetBIOS was moved to 445 from 2000 onward (CIFS)
- 901 SWAT service (not related to client communication)
- 445 microsoft-ds domain controller
- smbstatus - show service status
- samba - gpupdate dnsupdate downgrade_db kcc spnupdate upgradedns
- guest access requires
map to guest = Bad User
- Special sections
- If configured, home directories are created automatically
path = /data/users/%S
- Similar to homes, but for printers
tdb (idmap_tdb(8)), tdb2 (idmap_tdb2(8)), ldap (idmap_ldap(8)), rid (idmap_rid(8)), hash (idmap_hash(8)), autorid (idmap_autorid(8)), ad (idmap_ad(8)), nss (idmap_nss(8)), and rfc2307 (idmap_rfc2307(8)).
idmap_tdb Samba's idmap_tdb Backend for Winbind
The idmap_tdb plugin is the default backend used by winbindd for storing SID/uid/gid mapping tables.
In contrast to read-only backends like idmap_rid, it is an allocating backend: this means that it needs to allocate new user and group IDs in order to create new mappings.
range = low - high Defines the available matching uid and gid range for which the backend is authoritative.
idmap_tdb2 — Samba's idmap_tdb2 Backend for Winbind The idmap_tdb2 plugin is a substitute for the default idmap_tdb backend used by winbindd for storing SID/uid/gid mapping tables in clustered environments with Samba and CTDB.
script This option can be used to configure an external program for performing id mappings instead of using the tdb counter. The mappings are then stored in the tdb2 idmap database. For details see the section on IDMAP SCRIPT below.
idmap config * : script = /usr/local/samba/bin/idmap_script.sh
The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions.
"map to guest = Bad User" will reject a user if that user is in the server's samba password database but has the wrong password. But if the client user name doesn't exist in the samba password database he is converted to the guest account and then it's up to a given share definition to determine if he can gain access.
"map to guest = Never" makes the exact same comparison to the database but if it doesn't find that user it doesn't convert the user to the guest account it just rejects him and that user isn't even allowed to view the share list.
Don't pass a username and the "map to guest" logic is never used at the browse level, and that's what a Linux client does unless you force it.
Starting with v4.0, Samba is (or can be):
- a file server
- a DNS server
- an LDAP server
- a Kerberos server
- an AD server
Create an Active Directory Infrastructure with Samba4 on Ubuntu https://www.tecmint.com/install-samba4-active-directory-ubuntu/
Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1) https://www.microsoft.com/zh-cn/download/details.aspx?id=7887
Alpine Linux based container (aka Docker) for Samba 4 Active Directory https://github.com/tkaefer/alpine-samba-ad-container
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
docker run --rm -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH -v $PWD:/share -w /share wener/samba sh
mount -t cifs //10.88.2.202/share $PWD/mnt -o user=user,password=pass
- Samba allows only NTLMv2 by default
- Change it to allow v1
ntlm auth = ntlmv1-permitted
- Or change Windows to use v2
- NTLMv2 response only/refuse LM and NTLM.
- Windows 7 and later default to NTLMv2, but it may have been set to v1 when sharing was enabled
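
An added example, not part of the original notes: a small Python audit that reads smb.conf text and flags the settings discussed above, namely `guest ok` shares that become reachable through `map to guest`, and `ntlm auth = ntlmv1-permitted`. The sample file, its `[public]` and `[private]` share names, and the finding labels are constructed for illustration.

```python
# Constructed sample smb.conf; the [public] and [private] share names are assumptions.
SAMPLE_SMB_CONF = """\
[global]
map to guest = Bad User
ntlm auth = ntlmv1-permitted
[homes]
path = /data/users/%S
[public]
guest ok = yes
[private]
guest ok = no
"""
TRUE_VALUES = {"yes", "true", "1", "on"}

def _norm(name):
    # Samba ignores case and whitespace in parameter names ("Guest OK" == "guestok").
    return "".join(name.lower().split())

def parse_smb_conf(text):
    """Minimal parser: sections, key = value, # and ; comments (no includes/continuations)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def audit(text):
    """Return (section, finding) tuples for settings that widen access."""
    conf = parse_smb_conf(text)
    glob, findings = conf.get("global", {}), []
    # "yes" is the older spelling of ntlmv1-permitted.
    if glob.get("ntlmauth", "").lower() in {"ntlmv1-permitted", "yes"}:
        findings.append(("global", "ntlmv1-permitted"))
    # Samba's default is Never: unknown user names are rejected, not mapped to guest.
    maps_to_guest = _norm(glob.get("maptoguest", "Never")) != "never"
    for name, params in conf.items():
        # "public" is a synonym of "guest ok"; a [global] value is the share default.
        guest_ok = params.get("guestok", params.get("public", glob.get("guestok", "no")))
        if name != "global" and guest_ok.lower() in TRUE_VALUES:
            findings.append((name, "guest-via-unknown-user" if maps_to_guest else "guest-ok-no-mapping"))
    return findings

print(audit(SAMPLE_SMB_CONF))
```

On a live server, the output of `testparm -s` can be passed to `audit()` so that the effective configuration is checked rather than the raw file.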