Here is what I have discovered through some testing of various options.
I am assuming that where possible you would want to use the latest of whatever if you can.
Note this post is about setting up a SERVER. If you are trying to set up a client to connect to an old version of Samba on a NAS, this is not for you.
There are a couple of key parms that are protocol related. These are "client max protocol" and "ntlm auth".
What we are trying to do is set up a SAMBA server that can provide shares to: Linux/Unix clients, WIN7 clients, and Win-XP clients.
We are no longer providing shares to Win98 or earlier clients.
Reading the man page for smb.conf explains all the protocol options and it also gives which versions of windows require which versions of the protocol.
Using that as a starting point I came up with the /etc/smb.conf file below. The key protocol dependent parts are underlined with ^^^^^^ so you can search for that if you find the whole file TL;DR.
This file has several features enabled that enhance security such as bind interfaces only etc. It is a real production file; I did not excessively edit it for this post.
Using this smb.conf I can:
Access from Win-XP using two different userids, to two different home dirs and have the read/write permissions work OK.
From XP also access the DEFAULT and TEMP shares as a guest (no login)
From Win7 machine ditto.
From Linux Mint19 machine, using different userids, smbclient works, mount -t cifs (as described by altair4) works, and mounts from nemo using smb://server/sharename also work.
So everything on my home LAN can talk to my Mint19 based SAMBA server machine.
pgmer6809
# Global parameters
[global]
bind interfaces only = Yes
client max protocol = SMB2_02
#+ ^^^^^^^^ need SMB2_02 for XP. SMB2 defaults to SMB2_10 which is WIN7 and later.
default service = DEFAULT
dns proxy = No
interfaces = lo enp3s0
log file = /var/log/samba/log.%m
map to guest = Bad User
max log size = 1000
name resolve order = bcast lmhosts host
ntlm auth = ntlmv1-permitted
#+ ^^^^^^^^^^^^^^^^ ntlm auth = yes gives this. Needed for XP, since XP can't do ntlmv2
obey pam restrictions = Yes
os level = 34
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
security = USER
server role = standalone server
server string = %h server (Samba, Mint19)
smb passwd file = passdb.tdb
socket options = TCP_NODELAY IPTOS_LOWDELAY
username map = /etc/samba/smbusers
usershare prefix allow list = /tmp /home /media
workgroup = GOODGUYS
idmap config * : backend = tdb
hosts allow = 192.168.0.0/8 192.168.1.0/8 localhost
invalid users = root bin daemon adm sys sync shutdown halt mail news uucp operator gopher
[homes]
browseable = No
comment = Home Directories
create mask = 0740
#+ ^^^^ Group is r/o no write. no exec.
directory mask = 0750
force directory mode = 03000
#+ ^^^^^ SGID bit and 'restricted delete bit' forced to ONE.
read only = No
valid users = %S
[DEFAULT]
comment = A directory with general help instructions, at least one README file. Default Share for Unsuccessful Connections
#+ Should probably create files with DOS line endings in this dir, or valid windows .hlp files for WinPC clients.
guest ok = Yes
path = /Data/Public/sambadefault
[TEMP]
comment = A wide open directory for testing. Allow guests to create files.
create mask = 0660
directory mask = 0770
guest ok = Yes
path = /Data/Public/TEMP
read only = No
[EXCG]
comment = Directory for sharing files among group myusers
create mask = 0660
directory mask = 0770
force directory mode = 03000
path = /Data/Shares/EXCG
read only = No
valid users = adminuser plainuser noobuser
[printers]
browseable = No
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
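
An added example, not part of the original post or of Samba itself: a small Python audit that reads an smb.conf and reports the settings a reviewer would check first in a file like the one above (NTLMv1 acceptance, `hosts allow` masks that are wider than the address suggests, and guest-writable shares). The function names `audit` and `truthy` are hypothetical, the sample text is constructed to mirror a few lines of the posted file, and synonyms such as `writeable` are not handled.

```python
import configparser
import ipaddress

# Constructed sample that mirrors a few settings from the smb.conf in the post.
SAMPLE = """\
[global]
ntlm auth = ntlmv1-permitted
hosts allow = 192.168.0.0/8 192.168.1.0/8 localhost
idmap config * : backend = tdb
[homes]
read only = No
valid users = %S
[DEFAULT]
guest ok = Yes
[TEMP]
guest ok = Yes
read only = No
"""

def truthy(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return (section, finding) pairs for settings worth a second look."""
    cp = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=("#", ";"), strict=False,
        default_section="__unused__")  # keep a share named [DEFAULT] from leaking into others
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if name.lower() == "global":
            if sec.get("ntlm auth", "").lower() in ("yes", "ntlmv1-permitted"):
                findings.append((name, "ntlm auth permits NTLMv1"))
            for entry in sec.get("hosts allow", "").replace(",", " ").split():
                try:
                    net = ipaddress.ip_network(entry, strict=False)
                except ValueError:
                    continue  # hostnames and partial-address forms are not checked here
                if str(net.network_address) != entry.split("/")[0]:
                    findings.append((name, f"hosts allow {entry}: mask covers {net}"))
        # Samba's default for "read only" is yes, so only an explicit "no" makes a share writable here.
        elif truthy(sec.get("guest ok", "no")) and not truthy(sec.get("read only", "yes")):
            findings.append((name, "guests can write to this share"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

Running `testparm -s` on the same file remains the authoritative check of how Samba itself parses it; this script only highlights values to review.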