Date: Fri, 3 Jun 2016 18:36:04 +0000 (UTC) From: Warren Block <wblock@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r48890 - in head: en_US.ISO8859-1/books/handbook/network-servers share/xml Message-ID: <201606031836.u53Ia4CW045366@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: wblock Date: Fri Jun 3 18:36:04 2016 New Revision: 48890 URL: https://svnweb.freebsd.org/changeset/doc/48890 Log: Update Samba configuration information for the modern era. PR: 197528 Submitted by: Shawn Debnath <sd@beastie.io> Differential Revision: https://reviews.freebsd.org/D6086 Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml head/share/xml/man-refs.ent Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jun 3 18:20:29 2016 (r48889) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jun 3 18:36:04 2016 (r48890) @@ -5065,89 +5065,60 @@ AddModule mod_php5.c network.</para> <para>A &os; system can also be configured to act as a - <application>Samba</application> server. This allows the - administrator to create <acronym>SMB/CIFS</acronym> shares on + <application>Samba</application> server by installing the + <package>net/samba43</package> port or package. This allows the + administrator to create <acronym>SMB</acronym>/<acronym>CIFS</acronym>shares on the &os; system which can be accessed by clients running µsoft.windows; or the <application>Samba</application> - client libraries. In order to configure a - <application>Samba</application> server on &os;, the - <package>net/samba36</package> port or package must first be - installed. The rest of this section provides an overview of how - to configure a <application>Samba</application> server on - &os;.</para> - -<!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. --> + client libraries.</para> <sect2> - <title>Configuration</title> - - <para>A default <application>Samba</application> configuration - file is installed as - <filename>/usr/local/share/examples/samba36/smb.conf.default</filename>. - This file must be copied to - <filename>/usr/local/etc/smb.conf</filename> and customized - before <application>Samba</application> can be used.</para> - - <para>Runtime configuration information for - <application>Samba</application> is found in - <filename>smb.conf</filename>, such as definitions of the - printers and <quote>file system shares</quote> that will - be shared with &windows; clients. The - <application>Samba</application> package includes a web based - tool called <application>swat</application> which provides a - simple way for configuring - <filename>smb.conf</filename>.</para> + <title>Server Configuration</title> - <sect3> - <title>Using the Samba Web Administration Tool (SWAT)</title> - - <para>The Samba Web Administration Tool (SWAT) runs as a - daemon from <application>inetd</application>. Therefore, - <application>inetd</application> must be enabled as shown in - <xref linkend="network-inetd"/>. To enable - <application>swat</application>, uncomment the following - line in <filename>/etc/inetd.conf</filename>:</para> - - <programlisting>swat stream tcp nowait/400 root /usr/local/sbin/swat swat</programlisting> - - <para>As explained in <xref linkend="network-inetd-reread"/>, - the <application>inetd</application> configuration must be - reloaded after this configuration file is changed.</para> - - <para>Once <application>swat</application> has been enabled, - use a web browser to connect to <uri - xlink:href="http://localhost:901">http://localhost:901</uri>. - At first login, enter the credentials for <systemitem - class="username">root</systemitem>.</para> - -<!-- XXX screenshots go here, loader is creating them - XXXTR: I'll believe it when I see it. --> - - <para>Once logged in, the main - <application>Samba</application> configuration page and the - system documentation will be available. Begin configuration - by clicking on the <guimenu>Globals</guimenu> tab. The - <guimenu>Globals</guimenu> section corresponds to the - variables that are set in the <literal>[global]</literal> - section of - <filename>/usr/local/etc/smb.conf</filename>.</para> - </sect3> + <para><application>Samba</application> is configured in + <filename>/usr/local/etc/smb4.conf</filename>. This file must + be created before <application>Samba</application> + can be used.</para> + + <para>A simple <filename>smb4.conf</filename> to share + directories and printers with &windows; clients in a + workgroup is shown here. For more complex setups + involving LDAP or Active Directory, it is easier to use + &man.samba-tool.8; to create the initial + <filename>smb4.conf</filename>.</para> + + <programlisting>[global] +workgroup = WORKGROUP +server string = Samba Server Version %v +netbios name = ExampleMachine +wins support = Yes +security = user +passdb backend = tdbsam + +# Example: share /usr/src accessible only to 'developer' user +[src] +path = /usr/src +valid users = developer +writable = yes +browsable = yes +read only = no +guest ok = no +public = no +create mask = 0666 +directory mask = 0755</programlisting> <sect3> <title>Global Settings</title> - <para>Whether <application>swat</application> is used or - <filename>/usr/local/etc/smb.conf</filename> is edited - directly, the first directives encountered when configuring - <application>Samba</application> are:</para> + <para>Settings that describe the network are added in + <filename>/usr/local/etc/smb4.conf</filename>:</para> <variablelist> <varlistentry> <term><literal>workgroup</literal></term> <listitem> - <para>The domain name or workgroup name for the - computers that will be accessing this server.</para> + <para>The name of the workgroup to be served.</para> </listitem> </varlistentry> @@ -5157,7 +5128,7 @@ AddModule mod_php5.c <listitem> <para>The NetBIOS name by which a <application>Samba</application> server is known. By - default it is the same as the first component of the + default, it is the same as the first component of the host's <acronym>DNS</acronym> name.</para> </listitem> </varlistentry> @@ -5172,24 +5143,34 @@ AddModule mod_php5.c about the server.</para> </listitem> </varlistentry> + + <varlistentry> + <term><literal>wins support</literal></term> + + <listitem> + <para>Whether <application>Samba</application> will + act as a <acronym>WINS</acronym> server. Do not + enable support for <acronym>WINS</acronym> on more than + one server on the network.</para> + </listitem> + </varlistentry> </variablelist> </sect3> <sect3> <title>Security Settings</title> - <para>Two of the most important settings in - <filename>/usr/local/etc/smb.conf</filename> are the - security model and the backend password format for client - users. The following directives control these - options:</para> + <para>The most important settings in + <filename>/usr/local/etc/smb4.conf</filename> are the + security model and the backend password format. These + directives control the options:</para> <variablelist> <varlistentry> <term><literal>security</literal></term> <listitem> - <para>The two most common options are + <para>The most common settings are <literal>security = share</literal> and <literal>security = user</literal>. If the clients use usernames that are the same as their usernames on @@ -5217,30 +5198,29 @@ AddModule mod_php5.c <para><application>Samba</application> has several different backend authentication models. Clients may be authenticated with LDAP, NIS+, an SQL database, - or a modified password file. The default - authentication method is <literal>smbpasswd</literal>, - and that is all that will be covered here.</para> + or a modified password file. The recommended + authentication method, <literal>tdbsam</literal>, + is ideal for simple networks and is covered here. + For larger or more complex networks, + <literal>ldapsam</literal> is recommended. + <literal>smbpasswd</literal> + was the former default and is now obsolete.</para> </listitem> </varlistentry> </variablelist> - <para>Assuming that the default <literal>smbpasswd</literal> - backend is used, - <filename>/usr/local/etc/samba/smbpasswd</filename> - must be created to allow <application>Samba</application> to - authenticate clients. To provide &unix; user accounts - access from &windows; clients, use the following command to - add each required user to that file:</para> - - <screen>&prompt.root; <userinput>smbpasswd -a <replaceable>username</replaceable></userinput></screen> - - <note> - <para>The recommended backend is now - <literal>tdbsam</literal>. If this backend is selected, - use the following command to add user accounts:</para> + </sect3> + + <sect3> + <title><application>Samba</application> Users</title> + + <para>&os; user accounts must be mapped to the + <literal>SambaSAMAccount</literal> database for + &windows; clients to access the share. + Map existing &os; user accounts using + &man.pdbedit.8;:</para> - <screen>&prompt.root; <userinput>pdbedit -a -u <replaceable>username</replaceable></userinput></screen> - </note> + <screen>&prompt.root; <userinput>pdbedit -a <replaceable>username</replaceable></userinput></screen> <para>This section has only mentioned the most commonly used settings. Refer to the <link @@ -5259,13 +5239,6 @@ AddModule mod_php5.c <programlisting>samba_enable="YES"</programlisting> - <para>Alternately, its services can be started - separately:</para> - - <programlisting>nmbd_enable="YES"</programlisting> - - <programlisting>smbd_enable="YES"</programlisting> - <para>To start <application>Samba</application> now:</para> <screen>&prompt.root; <userinput>service samba start</userinput> @@ -5277,11 +5250,11 @@ Starting smbd.</screen> separate daemons. Both the <application>nmbd</application> and <application>smbd</application> daemons are started by <varname>samba_enable</varname>. If winbind name resolution - services are enabled in <filename>smb.conf</filename>, the - <application>winbindd</application> daemon is started as - well.</para> + is also required, set:</para> + + <programlisting>winbindd_enable="YES"</programlisting> - <para><application>Samba</application> may be stopped at any + <para><application>Samba</application> can be stopped at any time by typing:</para> <screen>&prompt.root; <userinput>service samba stop</userinput></screen> Modified: head/share/xml/man-refs.ent ============================================================================== --- head/share/xml/man-refs.ent Fri Jun 3 18:20:29 2016 (r48889) +++ head/share/xml/man-refs.ent Fri Jun 3 18:36:04 2016 (r48890) @@ -5708,6 +5708,7 @@ <!ENTITY man.pccardc.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pccardc</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.pccardd.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pccardd</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.pciconf.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pciconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; +<!ENTITY man.pdbedit.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pdbedit</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.periodic.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>periodic</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.pfctl.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pfctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.pflogd.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>pflogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; @@ -5842,6 +5843,7 @@ <!ENTITY man.sa.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>sa</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.sade.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>sade</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.savecore.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>savecore</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; +<!ENTITY man.samba-tool.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>samba-tool</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.sconfig.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>sconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.scsi.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>scsi</refentrytitle><manvolnum>8</manvolnum></citerefentry>">; <!ENTITY man.scspd.8 "<citerefentry xmlns='http://docbook.org/ns/docbook'><refentrytitle>scspd</refentrytitle><manvolnum>8</manvolnum></citerefentry>">;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606031836.u53Ia4CW045366>