Samba

Samba is [[Article description::a re-implementation of the SMB/CIFS networking protocol, a Microsoft Windows alternative to Network File System (NFS).]]

Installation

Kernel

KERNEL Enabling CIFS and SMB2/SMB3 support
File Systems --->
    [*] Network File Systems --->
        [*] CIFS support (advanced network filesystem, SMBFS successor)--->
            [*] CIFS Statistics
                [*] Extended Statistics
            [*] CIFS Extended Attributes
                [*] CIFS POSIX Extentions
            [*] SMB2 and SMB3 network file system support
Note
If a share fails to mount with the error CIFS VFS: Unknown vers= option specified: 2.1, enable the CONFIG_CIFS_SMB2 kernel option.

Samba

USE flags

USE flags for net-fs/samba Samba Suite Version 4

acl Add support for Access Control Lists
addc Enable Active Directory Domain Controller support
addns Enable AD DNS integration
ads Enable Active Directory support
ceph Enable support for Ceph distributed filesystem via sys-cluster/ceph
client Enables the client part
cluster Enable support for clustering
cups Add support for CUPS (Common Unix Printing System)
debug Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
dmapi Enable support for DMAPI. This currently works only in combination with XFS.
fam Enable FAM (File Alteration Monitor) support
glusterfs Enable support for Glusterfs filesystem via sys-cluster/glusterfs
gpg Use app-crypt/gpgme for AD DC
iprint Enabling iPrint technology by Novell
json Enable json audit support through dev-libs/jansson
ldap Add LDAP support (Lightweight Directory Access Protocol)
ntvfs Enable support for NTVFS fileserver
pam Add support for PAM (Pluggable Authentication Modules)DANGEROUS to arbitrarily flip
profiling-data Enables support for collecting profiling data
python Add optional support/bindings for the Python language
quota Enables support for user quotas
regedit Enable support for regedit command-line tool
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
snapper Enable vfs_snapper module (requires sys-apps/dbus)
spotlight Enable support for spotlight backend
syslog Enable support for syslog
system-heimdal Use app-crypt/heimdal instead of bundled heimdal.
system-mitkrb5 Use app-crypt/mit-krb5 instead of app-crypt/heimdal.
systemd Enable use of systemd-specific libraries and features like socket activation or session tracking
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
winbind Enables support for the winbind auth daemon
zeroconf Support for DNS Service Discovery (DNS-SD)
Data provided by the Gentoo Package Database · Last update: 2021-03-15 20:38 More information about USE flags

Warning
Especially when setting up an AD DC: Read the current Samba documentation and release notes. MIT kerberos support is still marked experimental in Samba. System Heimdal support also seems broken at the Samba side - That's why, system-heimdal keyword is currently hard masked. For AD DC production environments, running Samba with the bundled heimdal kerberos should be considered at the moment.

Emerge

Install Samba:

root #emerge --ask --noreplace net-fs/samba

Samba can also be installed by setting the global USE flag samba and updating the system:

root #emerge --ask --changed-use --deep @world

CIFS

USE flags

If the full Samba package is not needed, the net-fs/cifs-utils package is available:

USE flags for net-fs/cifs-utils Tools for Managing Linux CIFS Client Filesystems

acl Add support for Access Control Lists
ads Enable Active Directory support and create cifs.idmap binaryidmap support
caps Enable sys-libs/libcap-ng support
creds cifs credentials support
pam Add support for PAM (Pluggable Authentication Modules)DANGEROUS to arbitrarily flip
systemd Enable use of systemd-specific libraries and features like socket activation or session tracking
Data provided by the Gentoo Package Database · Last update: 2021-01-31 00:06 More information about USE flags

Emerge

Emerge the CIFS user-space tools:

root #emerge --ask net-fs/cifs-utils

Usage

Services

OpenRC

When using OpenRC, adding Samba to the default runlevel will enable the Samba service to start when the system boots:

root #rc-update add samba default

To start the Samba service now issue:

root # eselect rc start samba

Systemd

For systemd users, the Samba service can be configuired to start during boot using systemctl:

root #systemctl enable smb.service

To start the service immediately issue:

root #systemctl start smb.service

CIFS share

Mount the shared content

Once the client is fully configured, the shares can soon be accessed.

Create the mount point:

root #mkdir -p /mnt/My-Disk/{Media,Shared}

Mount the exported folders:

root #mount.cifs //O2-Foobar/Media /mnt/My-Disk/Media -o guest
root #mount.cifs //O2-Foobar/Shared /mnt/My-Disk/Shared -o guest

To automatically mount shares on every boot, edit /etc/fstab to look like this:

FILE /etc/fstab
//O2-Foobar/Media  /mnt/My-Disk/Media  cifs guest
//O2-Foobar/Shared /mnt/My-Disk/Shared cifs guest
Note
  • In the case of permission problems are encountered when trying to create files and folders on the disk, try to use gid=<user's_gid>, uid=<user's_uid>
  • Be sure to replace <user's_gid> with the user ID of choice.

Troubleshooting

Some problems may occur when trying to mount new CIFS shares. The following sections attempt to provide resolutions to common problems.

Cannot resolve <server-name>

More specifically, the actual error:

root #mount.cifs ...
"mount error: could not find target server. TCP name foo/bar not found. No ip
address specified and hostname not found"

This can easily be fixed by editing /etc/nsswitch and appending wins next to the hosts entry:

FILE /etc/nsswitch
hosts: files dns wins

If this does not work, use the CIFS server's IP address instead of the O2-Foobar hostname. The nmblookup utility (provided by net-fs/samba) comes in handy when trying to find the IP address of an CIFS host:

root #nmblookup O2-Foobar

Shutdown process hangs when trying to unmount CIFS shares

If the system shutdown hangs at

* Unmounting network filesystems ...

then users must make sure the CIFS shares are unmounted properly before udev tries to stop. One way to work around this is to create local.d scripts to unmount the CIFS filesystems:

root #echo "umount -a -t cifs -f" > /etc/local.d/cifs.stop
root #chmod a+x /etc/local.d/cifs.stop

Client asking for share username/password

If Samba does not start after upgrading to Samba 4.2.11 with the following error:

../lib/param/loadparm.c:1082(lp_set_enum_parm)
WARNING: Ignoring invalid value 'share' for parameter 'security'
../source3/smbd/server.c:1256(main)
error opening config file '/etc/samba/smb.conf'

Change the Samba security parameter from share to user:

FILE /etc/samba/smb.conf
[global]
security = user

If guest access is enabled and the client is requesting the share username/password, set the map to guest parameter to bad user:

FILE /etc/samba/smb.conf
[global]
map to guest = bad user

See also

  • Samba (Security Handbook) - The Security Handbook's entry on how to secure a system running Samba.
  • Samba/Samba 4 Migration — introduces the migration of Samba 3 to Samba 4 with LDAP on Gentoo boxes.
  • Smbnetfs — a FUSE-based filesystem for SMB/CIFS shares.
  • SSHFS — a secure shell client used to mount remote filesystems to local machines.
  • Nfs-utils — a file system protocol that allows client machines to access network attached filesystems (called exports) from a host system.

External resources

This article is issued from Gentoo. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.