linux:samba:setting [2021/12/10 06:22] – [付録] ともやん | linux:samba:setting [2022/05/29 02:09] – [Samba の設定] ともやん | ||
---|---|---|---|
行 3: | 行 3: | ||
$ cat / | $ cat / | ||
</ | </ | ||
- | <WRAP prewrap 100% mincode> | + | <WRAP prewrap 100% mincode_long> |
<code autoconf / | <code autoconf / | ||
- | # See smb.conf.example for a more detailed config file or | ||
- | # read the smb.conf manpage. | ||
- | # Run ' | ||
- | # you modified it. | ||
# | # | ||
- | # Note: | + | # Sample configuration file for the Samba suite for Debian GNU/Linux. |
- | # SMB1 is disabled by default. This means clients without support for SMB2 or | + | # |
- | # SMB3 are no longer able to connect | + | # |
+ | # This is the main Samba configuration file. You should read the | ||
+ | # smb.conf(5) manual page in order to understand the options listed | ||
+ | # here. Samba has a huge number of configurable options most of which | ||
+ | # are not shown in this example | ||
+ | # | ||
+ | # Some options that are often worth tuning have been included as | ||
+ | # commented-out examples in this file. | ||
+ | # - When such options are commented with ";", | ||
+ | # differs from the default Samba behaviour | ||
+ | # - When commented with "#", | ||
+ | # behaviour of Samba but the option is considered important | ||
+ | # enough | ||
+ | # | ||
+ | # NOTE: Whenever you modify this file you should run the command | ||
+ | # " | ||
+ | # errors. | ||
+ | |||
+ | # | ||
[global] | [global] | ||
- | workgroup | + | unix extensions |
- | security = user | + | |
- | passdb backend | + | # UIDとGIDについてUNIX属性の値が反映されるようにする |
+ | # | ||
- | printing | + | # Samba 高速化 |
- | printcap | + | #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE |
- | load printers | + | socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120 TCP_KEEPINTVL=10 TCP_KEEPCNT=5 |
- | cups options = raw | + | #max protocol = SMB2 |
+ | |||
+ | ## Browsing/ | ||
+ | |||
+ | # Change this to the workgroup/ | ||
+ | # | ||
+ | workgroup = MONSTERS-G | ||
+ | |||
+ | #### Networking #### | ||
+ | |||
+ | # The specific set of interfaces / networks to bind to | ||
+ | # This can be either the interface name or an IP address/ | ||
+ | # interface names are normally preferred | ||
+ | ; | ||
+ | |||
+ | # Only bind to the named interfaces and/or networks; you must use the | ||
+ | # ' | ||
+ | # It is recommended that you enable this feature if your Samba machine is | ||
+ | # not protected by a firewall or is a firewall itself. | ||
+ | # option cannot handle dynamic or non-broadcast interfaces correctly. | ||
+ | ; bind interfaces only = yes | ||
+ | |||
+ | |||
+ | |||
+ | #### Debugging/ | ||
+ | |||
+ | # This tells Samba to use a separate log file for each machine | ||
+ | # that connects | ||
+ | log file = / | ||
+ | |||
+ | # Cap the size of the individual log files (in KiB). | ||
+ | max log size = 1000 | ||
+ | |||
+ | # We want Samba to only log to / | ||
+ | # Append syslog@1 if you want important messages to be sent to syslog too. | ||
+ | | ||
+ | |||
+ | # Do something sensible when Samba crashes: mail the admin a backtrace | ||
+ | panic action = / | ||
+ | |||
+ | |||
+ | ####### Authentication ####### | ||
+ | |||
+ | # Server role. Defines in which mode Samba will operate. Possible | ||
+ | # values are " | ||
+ | # domain controller", | ||
+ | # directory domain controller" | ||
+ | # | ||
+ | # Most people will want " | ||
+ | # Running as " | ||
+ | # running " | ||
+ | # new domain. | ||
+ | | ||
+ | |||
+ | obey pam restrictions = yes | ||
+ | |||
+ | # This boolean parameter controls whether Samba attempts to sync the Unix | ||
+ | # password with the SMB password when the encrypted SMB password in the | ||
+ | # passdb is changed. | ||
+ | unix password sync = yes | ||
+ | |||
+ | # For Unix password sync to work on a Debian GNU/Linux system, the following | ||
+ | # parameters must be set (thanks to Ian Kahan << | ||
+ | # sending the correct chat script for the passwd program in Debian Sarge). | ||
+ | | ||
+ | | ||
+ | |||
+ | # This boolean controls whether PAM will be used for password changes | ||
+ | # when requested by an SMB client instead of the program listed in | ||
+ | # ' | ||
+ | pam password change = yes | ||
+ | |||
+ | # This option controls how unsuccessful authentication attempts are mapped | ||
+ | # to anonymous connections | ||
+ | map to guest = bad user | ||
+ | |||
+ | ########## Domains ########### | ||
+ | |||
+ | # | ||
+ | # The following settings only takes effect if ' | ||
+ | # classic domain controller', | ||
+ | # or ' | ||
+ | # | ||
+ | |||
+ | # It specifies the location of the user' | ||
+ | # profile directory from the client point of view) The following | ||
+ | # required a [profiles] share to be setup on the samba server (see | ||
+ | # below) | ||
+ | ; logon path = \\%N\profiles\%U | ||
+ | # Another common choice is storing the profile in the user's home directory | ||
+ | # (this is Samba' | ||
+ | # logon path = \\%N\%U\profile | ||
+ | |||
+ | # The following setting only takes effect if ' | ||
+ | # It specifies the location of a user's home directory (from the client | ||
+ | # point of view) | ||
+ | ; logon drive = H: | ||
+ | # logon home = \\%N\%U | ||
+ | |||
+ | # The following setting only takes effect if ' | ||
+ | # It specifies the script to run during logon. The script must be stored | ||
+ | # in the [netlogon] share | ||
+ | # NOTE: Must be store in ' | ||
+ | ; logon script = logon.cmd | ||
+ | |||
+ | # This allows Unix users to be created on the domain controller via the SAMR | ||
+ | # RPC pipe. The example command creates a user account with a disabled Unix | ||
+ | # password; please adapt to your needs | ||
+ | ; add user script = / | ||
+ | |||
+ | # This allows machine accounts to be created on the domain controller via the | ||
+ | # SAMR RPC pipe. | ||
+ | # The following assumes a " | ||
+ | ; add machine script | ||
+ | |||
+ | # This allows Unix groups to be created on the domain controller via the SAMR | ||
+ | # RPC pipe. | ||
+ | ; add group script = / | ||
+ | |||
+ | ############ | ||
+ | |||
+ | # Using the following line enables you to customise your configuration | ||
+ | # on a per machine basis. The %m gets replaced with the netbios name | ||
+ | # of the machine that is connecting | ||
+ | ; | ||
+ | |||
+ | # Some defaults for winbind (make sure you're not using the ranges | ||
+ | # for something else.) | ||
+ | ; idmap config * : backend = tdb | ||
+ | ; idmap config * : range = 3000-7999 | ||
+ | ; idmap config YOURDOMAINHERE : backend = tdb | ||
+ | ; idmap config YOURDOMAINHERE : range = 100000-999999 | ||
+ | ; | ||
+ | |||
+ | # Setup usershare | ||
+ | # with the net usershare command. | ||
+ | |||
+ | # Maximum number of usershare. 0 means that usershare is disabled. | ||
+ | # | ||
+ | |||
+ | # Allow users who've been granted usershare privileges to create | ||
+ | # public shares, not just authenticated ones | ||
+ | | ||
+ | |||
+ | # | ||
[homes] | [homes] | ||
- | comment = Home Directories | + | comment = Home Directories |
- | valid users = %S, %D%w%S | + | # |
- | browseable | + | |
- | read only = No | + | |
- | inherit acls = Yes | + | # By default, the home directories are exported read-only. Change the |
+ | # next parameter to ' | ||
+ | # read only = yes | ||
+ | read only = no | ||
+ | |||
+ | # File creation mask is set to 0700 for security reasons. If you want to | ||
+ | # create files with group=rw permissions, | ||
+ | | ||
+ | |||
+ | # Directory creation mask is set to 0700 for security reasons. If you want to | ||
+ | # create dirs. with group=rw permissions, | ||
+ | | ||
+ | |||
+ | # By default, \\server\username shares can be connected to by anyone | ||
+ | # with access to the samba server. | ||
+ | # The following parameter makes sure that only " | ||
+ | # to \\server\username | ||
+ | # This might need tweaking when using external authentication schemes | ||
+ | valid users = %S | ||
+ | |||
+ | # Un-comment the following and create the netlogon directory for Domain Logons | ||
+ | # (you need to configure Samba to act as a domain controller too.) | ||
+ | ; | ||
+ | ; | ||
+ | ; path = / | ||
+ | ; guest ok = yes | ||
+ | ; read only = yes | ||
+ | |||
+ | # Un-comment the following and create the profiles directory to store | ||
+ | # users profiles (see the "logon path" option above) | ||
+ | # (you need to configure Samba to act as a domain controller too.) | ||
+ | # The path below should be writable by all users so that their | ||
+ | # profile directory may be created the first time they log on | ||
+ | ; | ||
+ | ; | ||
+ | ; path = / | ||
+ | ; guest ok = no | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
[printers] | [printers] | ||
- | comment = All Printers | + | comment = All Printers |
- | path = /var/tmp | + | browseable = no |
- | printable = Yes | + | path = /var/spool/samba |
- | create mask = 0600 | + | |
- | browseable | + | guest ok = no |
+ | read only = yes | ||
+ | | ||
+ | # Windows clients look for this share name as a source of downloadable | ||
+ | # printer drivers | ||
[print$] | [print$] | ||
- | comment = Printer Drivers | + | comment = Printer Drivers |
- | path = / | + | |
- | write list = @printadmin | + | |
- | force group = @printadmin | + | read only = yes |
- | create mask = 0664 | + | guest ok = no |
- | directory mask = 0775 | + | # Uncomment to allow remote administration of Windows print drivers. |
+ | # You may need to replace ' | ||
+ | # admin users are members of. | ||
+ | # Please note that you also need to set appropriate Unix permissions | ||
+ | # to the drivers directory for these users to have write rights in it | ||
+ | ; write list = root, @lpadmin | ||
+ | [root$] | ||
+ | | ||
+ | path = / | ||
+ | # browseable = yes | ||
+ | read only = no | ||
+ | [DataShare] | ||
+ | comment = Data Share | ||
+ | path = / | ||
+ | browseable = yes | ||
+ | read only = no | ||
+ | |||
+ | wide links = yes | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | DietPi の設定例\\ | ||
+ | <WRAP prewrap 100% mincode_long> | ||
+ | <code autoconf / | ||
+ | [global] | ||
+ | unix extensions = no | ||
+ | |||
+ | # UIDとGIDについてUNIX属性の値が反映されるようにする | ||
+ | # | ||
+ | |||
+ | # Samba 高速化 | ||
+ | #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE | ||
+ | socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120 TCP_KEEPINTVL=10 TCP_KEEPCNT=5 | ||
+ | #max protocol = SMB2 | ||
+ | # workgroup = WORKGROUP | ||
+ | workgroup = MONSTERS-G | ||
+ | server string = %h server | ||
+ | dns proxy = no | ||
+ | log file = / | ||
+ | max log size = 1000 | ||
+ | syslog only = no | ||
+ | syslog = 0 | ||
+ | |||
+ | panic action = / | ||
+ | |||
+ | security = user | ||
+ | encrypt passwords = true | ||
+ | passdb backend = tdbsam | ||
+ | obey pam restrictions = yes | ||
+ | unix password sync = yes | ||
+ | |||
+ | passwd program = / | ||
+ | passwd chat = *Enter\snew\s*\spassword: | ||
+ | pam password change = yes | ||
+ | map to guest = bad user | ||
+ | |||
+ | load printers = no | ||
+ | printcap name = /dev/null | ||
+ | disable spoolss = yes | ||
+ | |||
+ | [homes] | ||
+ | | ||
+ | # | ||
+ | | ||
+ | # read only = yes | ||
+ | read only = no | ||
+ | |||
+ | [DataShare] | ||
+ | comment = Data Share | ||
+ | path = / | ||
+ | browseable = yes | ||
+ | read only = no | ||
+ | wide links = yes | ||
+ | |||
+ | [dietpi] | ||
+ | comment = DietPi Share | ||
+ | path = / | ||
+ | browseable = yes | ||
+ | | ||
+ | directory mask = 0775 | ||
+ | valid users = dietpi | ||
+ | writeable = yes | ||
+ | max connections = 2 | ||
</ | </ | ||
</ | </ |