From owner-svn-doc-head@freebsd.org Fri Jun 3 18:36:06 2016 Return-Path: Delivered-To: svn-doc-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 14A72B6934D; Fri, 3 Jun 2016 18:36:06 +0000 (UTC) (envelope-from wblock@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DA35E1054; Fri, 3 Jun 2016 18:36:05 +0000 (UTC) (envelope-from wblock@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u53Ia5Mo045368; Fri, 3 Jun 2016 18:36:05 GMT (envelope-from wblock@FreeBSD.org) Received: (from wblock@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u53Ia4CW045366; Fri, 3 Jun 2016 18:36:04 GMT (envelope-from wblock@FreeBSD.org) Message-Id: <201606031836.u53Ia4CW045366@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: wblock set sender to wblock@FreeBSD.org using -f From: Warren Block Date: Fri, 3 Jun 2016 18:36:04 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r48890 - in head: en_US.ISO8859-1/books/handbook/network-servers share/xml X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2016 18:36:06 -0000 Author: wblock Date: Fri Jun 3 18:36:04 2016 New Revision: 48890 URL: https://svnweb.freebsd.org/changeset/doc/48890 Log: Update Samba configuration information for the modern era. PR: 197528 Submitted by: Shawn Debnath Differential Revision: https://reviews.freebsd.org/D6086 Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml head/share/xml/man-refs.ent Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jun 3 18:20:29 2016 (r48889) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jun 3 18:36:04 2016 (r48890) @@ -5065,89 +5065,60 @@ AddModule mod_php5.c network. A &os; system can also be configured to act as a - Samba server. This allows the - administrator to create SMB/CIFS shares on + Samba server by installing the + net/samba43 port or package. This allows the + administrator to create SMB/CIFSshares on the &os; system which can be accessed by clients running µsoft.windows; or the Samba - client libraries. In order to configure a - Samba server on &os;, the - net/samba36 port or package must first be - installed. The rest of this section provides an overview of how - to configure a Samba server on - &os;. - - + client libraries. - Configuration - - A default Samba configuration - file is installed as - /usr/local/share/examples/samba36/smb.conf.default. - This file must be copied to - /usr/local/etc/smb.conf and customized - before Samba can be used. - - Runtime configuration information for - Samba is found in - smb.conf, such as definitions of the - printers and file system shares that will - be shared with &windows; clients. The - Samba package includes a web based - tool called swat which provides a - simple way for configuring - smb.conf. + Server Configuration - - Using the Samba Web Administration Tool (SWAT) - - The Samba Web Administration Tool (SWAT) runs as a - daemon from inetd. Therefore, - inetd must be enabled as shown in - . To enable - swat, uncomment the following - line in /etc/inetd.conf: - - swat stream tcp nowait/400 root /usr/local/sbin/swat swat - - As explained in , - the inetd configuration must be - reloaded after this configuration file is changed. - - Once swat has been enabled, - use a web browser to connect to http://localhost:901. - At first login, enter the credentials for root. - - - - Once logged in, the main - Samba configuration page and the - system documentation will be available. Begin configuration - by clicking on the Globals tab. The - Globals section corresponds to the - variables that are set in the [global] - section of - /usr/local/etc/smb.conf. - + Samba is configured in + /usr/local/etc/smb4.conf. This file must + be created before Samba + can be used. + + A simple smb4.conf to share + directories and printers with &windows; clients in a + workgroup is shown here. For more complex setups + involving LDAP or Active Directory, it is easier to use + &man.samba-tool.8; to create the initial + smb4.conf. + + [global] +workgroup = WORKGROUP +server string = Samba Server Version %v +netbios name = ExampleMachine +wins support = Yes +security = user +passdb backend = tdbsam + +# Example: share /usr/src accessible only to 'developer' user +[src] +path = /usr/src +valid users = developer +writable = yes +browsable = yes +read only = no +guest ok = no +public = no +create mask = 0666 +directory mask = 0755 Global Settings - Whether swat is used or - /usr/local/etc/smb.conf is edited - directly, the first directives encountered when configuring - Samba are: + Settings that describe the network are added in + /usr/local/etc/smb4.conf: workgroup - The domain name or workgroup name for the - computers that will be accessing this server. + The name of the workgroup to be served. @@ -5157,7 +5128,7 @@ AddModule mod_php5.c The NetBIOS name by which a Samba server is known. By - default it is the same as the first component of the + default, it is the same as the first component of the host's DNS name. @@ -5172,24 +5143,34 @@ AddModule mod_php5.c about the server. + + + wins support + + + Whether Samba will + act as a WINS server. Do not + enable support for WINS on more than + one server on the network. + + Security Settings - Two of the most important settings in - /usr/local/etc/smb.conf are the - security model and the backend password format for client - users. The following directives control these - options: + The most important settings in + /usr/local/etc/smb4.conf are the + security model and the backend password format. These + directives control the options: security - The two most common options are + The most common settings are security = share and security = user. If the clients use usernames that are the same as their usernames on @@ -5217,30 +5198,29 @@ AddModule mod_php5.c Samba has several different backend authentication models. Clients may be authenticated with LDAP, NIS+, an SQL database, - or a modified password file. The default - authentication method is smbpasswd, - and that is all that will be covered here. + or a modified password file. The recommended + authentication method, tdbsam, + is ideal for simple networks and is covered here. + For larger or more complex networks, + ldapsam is recommended. + smbpasswd + was the former default and is now obsolete. - Assuming that the default smbpasswd - backend is used, - /usr/local/etc/samba/smbpasswd - must be created to allow Samba to - authenticate clients. To provide &unix; user accounts - access from &windows; clients, use the following command to - add each required user to that file: - - &prompt.root; smbpasswd -a username - - - The recommended backend is now - tdbsam. If this backend is selected, - use the following command to add user accounts: + + + + <application>Samba</application> Users + + &os; user accounts must be mapped to the + SambaSAMAccount database for + &windows; clients to access the share. + Map existing &os; user accounts using + &man.pdbedit.8;: - &prompt.root; pdbedit -a -u username - + &prompt.root; pdbedit -a username This section has only mentioned the most commonly used settings. Refer to the samba_enable="YES" - Alternately, its services can be started - separately: - - nmbd_enable="YES" - - smbd_enable="YES" - To start Samba now: &prompt.root; service samba start @@ -5277,11 +5250,11 @@ Starting smbd. separate daemons. Both the nmbd and smbd daemons are started by samba_enable. If winbind name resolution - services are enabled in smb.conf, the - winbindd daemon is started as - well. + is also required, set: + + winbindd_enable="YES" - Samba may be stopped at any + Samba can be stopped at any time by typing: &prompt.root; service samba stop Modified: head/share/xml/man-refs.ent ============================================================================== --- head/share/xml/man-refs.ent Fri Jun 3 18:20:29 2016 (r48889) +++ head/share/xml/man-refs.ent Fri Jun 3 18:36:04 2016 (r48890) @@ -5708,6 +5708,7 @@ pccardc8"> pccardd8"> pciconf8"> +pdbedit8"> periodic8"> pfctl8"> pflogd8"> @@ -5842,6 +5843,7 @@ sa8"> sade8"> savecore8"> +samba-tool8"> sconfig8"> scsi8"> scspd8">