lynxchat писал(а):Gnome заставил меня поставить Samba4
вот раньше все работало на тройке отлично, но тут поменялись команды в конфиге и некоторые он перестал нормально жрать, например:
Код: Выделить всё
# ./samba4 start
Starting samba4.
Unknown parameter encountered: "guest account"
Ignoring unknown parameter "guest account"
Unknown parameter encountered: "guest ok"
Ignoring unknown parameter "guest ok"
Unknown parameter encountered: "guest ok"
Ignoring unknown parameter "guest ok"
Unknown parameter encountered: "guest ok"
Ignoring unknown parameter "guest ok"
Unknown parameter encountered: "guest ok"
Ignoring unknown parameter "guest ok"
так вот а они как раз давали возможность просто - без спроса кому угодно ходить на диск...
мне требуется только ограничени по IP (слава богу не изменилось)
вот кусок ранее рабочего конфига...
Код: Выделить всё
[global]
dos charset = 866
unix charset = koi8-r
display charset = 866
netbios name = FREEBSD
server string = Samba Server
security = SHARE
guest account = lynxchat
log file = /var/log/samba/log.%m
dns proxy = No
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=131072 SO_RCVBUF=1
[User_my]
comment = User_my
path = /STORAGE/USER/MY
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes
hosts allow = 192.168.1.0/24
Пробовал нормальную информацию найти или пример конфига - фиг...
как это сделать через Provision - нифига не понял - там сложные вещи описываются
подскажите пожалуйста
В source4/NEWS кое-что есть:
Changed configuration options
=============================
Several configuration options have been removed in Samba4 while others have
been introduced. This section contains a summary of changes to smb.conf and
where these settings moved. Configuration options that have disappeared may be
re-added later when the functionality that uses them gets reimplemented in
Samba 4.
The 'security' parameter has been split up. It is now only used to choose
between the 'user' and 'share' security levels (the latter is not supported
in Samba 4 yet). The other values of this option and the 'domain master' and
'domain logons' parameters have been merged into a 'server role' parameter
that can be either 'domain controller', 'member server' or 'standalone'. Note that
member server support does not work yet.
The following parameters have been removed:
- passdb backend: accounts are now stored in a LDB-based SAM database,
see 'sam database' below.
- update encrypted
- public
- guest ok
- client schannel
- server schannel
- allow trusted domains
- hosts equiv
- map to guest
- smb passwd file
- algorithmic rid base
- root directory
- root dir
- root
- guest account
- enable privileges
- pam password change
- passwd program
- passwd chat debug
- passwd chat timeout
- check password script
- username map
- username level
- unix password sync
- restrict anonymous
- username
- user
- users
- invalid users
- valid users
- admin users
- read list
- write list
- printer admin
- force user
- force group
- group
- write ok
- writeable
- writable
- acl check permissions
- acl group control
- acl map full control
- create mask
- create mode
- force create mode
- security mask
- force security mode
- directory mask
- directory mode
- force directory mode
- directory security mask
- force directory security mode
- force unknown acl user
- inherit permissions
- inherit acls
- inherit owner
- guest only
- only guest
- only user
- allow hosts
- deny hosts
- preload modules
- use kerberos keytab
- syslog
- syslog only
- max log size
- debug timestamp
- timestamp logs
- debug hires timestamp
- debug pid
- debug uid
- allocation roundup size
- aio read size
- aio write size
- aio write behind
- large readwrite
- protocol
- read bmpx
- reset on zero vc
- acl compatibility
- defer sharing violations
- ea support
- nt acl support
- nt pipe support
- profile acls
- map acl inherit
- afs share
- max ttl
- client use spnego
- enable asu support
- svcctl list
- block size
- change notify timeout
- deadtime
- getwd cache
- keepalive
- kernel change notify
- lpq cache time
- max smbd processes
- max disk size
- max open files
- min print space
- strict allocate
- sync always
- use mmap
- use sendfile
- hostname lookups
- write cache size
- name cache timeout
- max reported print jobs
- load printers
- printcap cache time
- printcap name
- printcap
- printing
- cups options
- cups server
- iprint server
- print command
- disable spoolss
- enable spoolss
- lpq command
- lprm command
- lppause command
- lpresume command
- queuepause command
- queueresume command
- enumports command
- addprinter command
- deleteprinter command
- show add printer wizard
- os2 driver map
- use client driver
- default devmode
- force printername
- mangling method
- mangle prefix
- default case
- case sensitive
- casesignames
- preserve case
- short preserve case
- mangling char
- hide dot files
- hide special files
- hide unreadable
- hide unwriteable files
- delete veto files
- veto files
- hide files
- veto oplock files
- map readonly
- mangled names
- mangled map
- max stat cache size
- stat cache
- store dos attributes
- machine password timeout
- add user script
- rename user script
- delete user script
- add group script
- delete group script
- add user to group script
- delete user from group script
- set primary group script
- add machine script
- shutdown script
- abort shutdown script
- username map script
- logon script
- logon path
- logon drive
- logon home
- domain logons
- os level
- lm announce
- lm interval
- domain master
- browse list
- enhanced browsing
- wins proxy
- wins hook
- wins partners
- blocking locks
- fake oplocks
- kernel oplocks
- locking
- lock spin count
- lock spin time
- level2 oplocks
- oplock break wait time
- oplock contention limit
- posix locking
- share modes
- ldap server
- ldap port
- ldap admin dn
- ldap delete dn
- ldap group suffix
- ldap idmap suffix
- ldap machine suffix
- ldap passwd sync
- ldap password sync
- ldap replication sleep
- ldap suffix
- ldap ssl
- ldap timeout
- ldap page size
- ldap user suffix
- add share command
- change share command
- delete share command
- eventlog list
- utmp directory
- wtmp directory
- utmp
- default service
- default
- message command
- dfree cache time
- dfree command
- get quota command
- set quota command
- remote announce
- remote browse sync
- homedir map
- afs username map
- afs token lifetime
- log nt token command
- time offset
- NIS homedir
- preexec
- exec
- preexec close
- postexec
- root preexec
- root preexec close
- root postexec
- set directory
- wide links
- follow symlinks
- dont descend
- magic script
- magic output
- delete readonly
- dos filemode
- dos filetimes
- dos filetime resolution
- fake directory create times
- panic action
- vfs objects
- vfs object
- msdfs root
- msdfs proxy
- host msdfs
- enable rid algorithm
- passdb expand explicit
- idmap backend
- idmap uid
- winbind uid
- idmap gid
- winbind gid
- template homedir
- template shell
- winbind separator
- winbind cache time
- winbind enum users
- winbind enum groups
- winbind use default domain
- winbind trusted domains only
- winbind nested groups
- winbind max idle children
- winbind nss info
The following parameters have been added:
+ rpc big endian (G)
Make Samba fake it is running on a bigendian machine when using DCE/RPC.
Useful for debugging.
Default: no
+ case insensitive filesystem (S)
Set to true if this share is located on a case-insensitive filesystem.
This disables looking for a filename by trying all possible combinations of
uppercase/lowercase characters and thus speeds up operations when a
file cannot be found.
Default: no
+ setup directory
Path to data used by provisioning script.
Default: Set at compile-time
+ ncalrpc dir
Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport.
Default: Set at compile-time
+ ntvfs handler
Backend to the NT VFS to use (more than one can be specified). Available
backends include:
- posix:
Maps POSIX FS semantics to NT semantics
- simple:
Very simple backend (original testing backend).
- unixuid:
Sets up user credentials based on POSIX gid/uid.
- cifs:
Proxies a remote CIFS FS. Mainly useful for testing.
- nbench:
Filter module that saves data useful to the nbench benchmark suite.
- ipc:
Allows using SMB for inter process communication. Only used for
the IPC$ share.
- print:
Allows printing over SMB. This is LANMAN-style printing (?), not
the be confused with the spoolss DCE/RPC interface used by later
versions of Windows.
Default: unixuid default
+ ntptr providor
FIXME
+ dcerpc endpoint servers
What DCE/RPC servers to start.
Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup
+ server services
Services Samba should provide.
Default: smb rpc nbt wrepl ldap cldap web kdc
+ sam database
Location of the SAM (account database) database. This should be a
LDB URL.
Default: set at compile-time
+ spoolss database
Spoolss (printer) DCE/RPC server database. This should be a LDB URL.
Default: set at compile-time
+ wins config database
WINS configuration database location. This should be a LDB URL.
Default: set at compile-time
+ wins database
WINS database location. This should be a LDB URL.
Default: set at compile-time
+ client use spnego principal
Tells the client to use the Kerberos service principal specified by the
server during the security protocol negotation rather than
looking up the principal itself (cifs/hostname).
Default: false
+ nbt port
TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation.
Default: 137
+ dgram port
UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation.
Default: 138
+ cldap port
UDP/IP port used by the CLDAP protocol.
Default: 389
+ krb5 port
IP port used by the kerberos KDC.
Default: 88
+ kpasswd port
IP port used by the kerberos password change protocol.
Default: 464
+ web port
TCP/IP port SWAT should listen on.
Default: 901
+ tls enabled
Enable TLS support for SWAT
Default: true
+ tls keyfile
Path to TLS key file (PEM format) to be used by SWAT. If no
path is specified, Samba will create a key.
Default: none
+ tls certfile
Path to TLS certificate file (PEM format) to be used by SWAT. If no
path is specified, Samba will create a certificate.
Default: none
+ tls cafile
Path to CA authority file Samba will use to sign TLS keys it generates. If
no path is specified, Samba will create a self-signed CA certificate.
Default: none
+ tls crlfile
Path to TLS certificate revocation lists file.
Default: none
+ swat directory
SWAT data directory.
Default: set at compile-time
+ large readwrite
Indicate the CIFS server is able to do large reads/writes.
Default: true
+ unicode
Enable/disable unicode support in the protocol.
Default: true