Samba

From Christoph's Personal Wiki
Revision as of 01:08, 7 June 2007 by Christoph (Talk | contribs)


Samba is a free software re-implementation of the SMB/CIFS networking protocol, released under the GNU General Public License.

Samba (smb/cifs) and iptables

As an example Samba-share setup, assume the Windows machine ("Samba server") has an IP address of 128.35.125.23, your Linux machine ("Samba client") has an IP address of 10.0.32.145, and the Linux machine is behind a dedicated firewall (which does NAT).

The only iptables rules you need are FORWARD rules that match TCP requests from the "source" (the Linux box) on ports 139 and 445, with a jump target of "ACCEPT".

The following two rules will allow the above traffic:

-A FORWARD -s 10.0.32.0/24 -d 128.35.125.23 -p tcp -m tcp --dport 139 -m mark --mark 0x1/0x1 -j ACCEPT
-A FORWARD -s 10.0.32.0/24 -d 128.35.125.23 -p tcp -m tcp --dport 445 -m mark --mark 0x1/0x1 -j ACCEPT

where -s is your "source" IP address and -d is your "destination".

For reference, the SMB-related ports are:

  • TCP/UDP 137 (NETBIOS Name Service aka netbios-ns)
  • TCP/UDP 138 (NETBIOS Datagram Service aka netbios-dgm)
  • TCP/UDP 139 (NETBIOS session service aka netbios-ssn)
  • TCP/UDP 445 (Microsoft Naked CIFS aka microsoft-ds; Win2k/XP)

Test-mount your Samba share

As root,

mount -t cifs //128.35.125.23/path /mnt/samba -o username=username

Automount a Samba share

If you would like to automount your Samba shares, you can place the line below in your /etc/fstab:

//128.35.125.23/path /mnt/samba cifs username=username,password=password 0 0

where cifs might need to be smbfs, depending on your filesystem setup.

However, /etc/fstab is world-readable, so if you do not want your username and password in a text file that anyone can read, you can create a file in, for example, /etc/samba/smbpasswd with the following two lines:

username=username
password=password

Then,

chmod 600 /etc/samba/smbpasswd

Now, edit your /etc/fstab and replace the line with:

//128.35.125.23/path /mnt/samba cifs credentials=/etc/samba/smbpasswd 0 0
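
A way to check the result of the steps above, as an added example that is not part of the original wiki page: the shell function below scans an fstab-format file for cifs/smbfs entries, flags any that still carry an inline password= option, and flags a credentials= file that is missing or accessible to group or others. The function name, the finding labels and the /mnt/samba2 mount point are made up for this illustration, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit an fstab-format file for CIFS credential exposure.
# Prints one finding per line as "<mountpoint> <FINDING>"; prints nothing if clean.
audit_cifs_fstab() {
    fstab=$1
    # fstab fields: device, mount point, fs type, options, dump, pass
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|\#*) continue ;; esac            # skip blanks and comments
        case $fstype in cifs|smbfs) ;; *) continue ;; esac
        old_ifs=$IFS; IFS=,                               # split options on commas
        for opt in $opts; do
            case $opt in
                password=*)
                    echo "$mnt INLINE_PASSWORD" ;;
                credentials=*)
                    cred=${opt#*=}
                    if [ ! -f "$cred" ]; then
                        echo "$mnt CRED_MISSING"
                    # characters 5-10 of the ls mode string are the group/other bits
                    elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
                        echo "$mnt CRED_PERMS"
                    fi ;;
            esac
        done
        IFS=$old_ifs
    done < "$fstab"
}

# Constructed sample data (not from a real system): the page's two fstab variants.
demo=$(mktemp -d)
printf 'username=username\npassword=password\n' > "$demo/cred"
chmod 644 "$demo/cred"    # deliberately too open, to trigger CRED_PERMS
cat > "$demo/fstab" <<EOF
//128.35.125.23/path /mnt/samba cifs username=username,password=password 0 0
//128.35.125.23/path /mnt/samba2 cifs credentials=$demo/cred 0 0
EOF
audit_cifs_fstab "$demo/fstab"
rm -rf "$demo"
```

Run it against the real file with audit_cifs_fstab /etc/fstab; after the chmod 600 step above, the credentials entry should produce no finding.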

Permissions

It is possible to set the uid and gid of the mount, and the modes (umasks) that govern file and directory creation, deletion and overwriting, with options such as:

gid=100,file_mode=0644,dir_mode=0755
