Samba Protocol Changes for servers


Post by pgmer6809 »

There have been several excellent posts by, among others, altair4, on the subject of Samba.
Here is what I have discovered through some testing of various options.
I am assuming that where possible you would want to use the latest of whatever if you can.

Note this post is about setting up a SERVER. If you are trying to set up a client to connect to an old version of Samba on a NAS, this is not for you.

There are a couple of key parameters that are protocol related. These are the
client max protocol
and
ntlm auth

What we are trying to do is set up a SAMBA server that can provide shares to: Linux/Unix clients, WIN7 clients, and Win-XP clients.
We are no longer providing shares to Win98 or earlier clients.

Reading the man page for smb.conf explains all the protocol options and it also gives which versions of windows require which versions of the protocol.
Using that as a starting point I came up with the /etc/smb.conf file below. The key protocol-dependent parts are underlined with ^^^^^^ so you can search for that if you find the whole file TL;DR :(
This file has several features enabled that enhance security such as bind interfaces only etc. It is a real production file; I did not excessively edit it for this post.
Using this smb.conf I can:
Access from Win-XP using two different userids, to two different home dirs, and have the read/write permissions work OK.
From XP also access the DEFAULT and TEMP shares as a guest (no login)
From Win7 machine ditto.
From Linux Mint19 machine, using different userids, smbclient works, mount -t cifs (as described by altair4) works, and mounts from nemo using smb://server/sharename also work.
So everything on my home LAN can talk to my Mint19 based SAMBA server machine.
pgmer6809

Code:

# Global parameters
[global]
	bind interfaces only = Yes
	client max protocol = SMB2_02
#+                        ^^^^^^^^ need SMB2_02 for XP. SMB2 defaults to SMB2_10 which is WIN7 and later. 
	default service = DEFAULT
	dns proxy = No
	interfaces = lo enp3s0
	log file = /var/log/samba/log.%m
	map to guest = Bad User
	max log size = 1000
	name resolve order = bcast lmhosts host
	ntlm auth = ntlmv1-permitted
#+              ^^^^^^^^^^^^^^^^ ntlm auth = yes gives this. Needed for XP, since XP can't do ntlmv2
	obey pam restrictions = Yes
	os level = 34
	panic action = /usr/share/samba/panic-action %d
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	passwd program = /usr/bin/passwd %u
	security = USER
	server role = standalone server
	server string = %h server (Samba, Mint19)
	smb passwd file = passdb.tdb
	socket options = TCP_NODELAY IPTOS_LOWDELAY
	username map = /etc/samba/smbusers
	usershare prefix allow list = /tmp /home /media
	workgroup = GOODGUYS
	idmap config * : backend = tdb
	hosts allow = 192.168.0.0/8 192.168.1.0/8 localhost
	invalid users = root bin daemon adm sys sync shutdown halt mail news uucp operator gopher


[homes]
	browseable = No
	comment = Home Directories
	create mask = 0740
#+                ^^^^ Group is r/o no write. no exec.
	directory mask = 0750
	force directory mode = 03000
#+                         ^^^^^ SGID bit and 'restricted delete bit' forced to ONE.
	read only = No
	valid users = %S


[DEFAULT]
	comment = A directory with general help instructions, at least one README file. Default Share for Unsuccessful Connections
#+ Should probably create files with DOS line endings in this dir, or valid windows .hlp files for WinPC clients.
	guest ok = Yes
	path = /Data/Public/sambadefault


[TEMP]
	comment = A wide open directory for testing. Allow guests to create files.
	create mask = 0660
	directory mask = 0770
	guest ok = Yes
	path = /Data/Public/TEMP
	read only = No


[EXCG]
	comment = Directory for sharing files among group myusers
	create mask = 0660
	directory mask = 0770
	force directory mode = 03000
	path = /Data/Shares/EXCG
	read only = No
	valid users = adminuser plainuser noobuser


[printers]
	browseable = No
	comment = All Printers
	create mask = 0700
	path = /var/spool/samba
	printable = Yes


[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers
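
An audit sketch for the protocol and access settings in the smb.conf above, added here as an example and not part of the original post; the function names `load` and `audit` and the trimmed sample are constructed for illustration. It reports whether NTLMv1 is accepted, which protocol cap is set, `hosts allow` entries whose mask is wider than the address written, and guest-writable shares:

```python
import configparser
import ipaddress

# Constructed sample: protocol- and access-related lines from the smb.conf in the post.
SAMPLE = """
[global]
	client max protocol = SMB2_02
	ntlm auth = ntlmv1-permitted
	hosts allow = 192.168.0.0/8 192.168.1.0/8 localhost
[DEFAULT]
	guest ok = Yes
[TEMP]
	guest ok = Yes
	read only = No
"""

def load(text):
    # [DEFAULT] is a real share in this file, so configparser's special default
    # section is renamed; only "=" delimits ("idmap config * : backend" is one key).
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), default_section="__unused__")
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def audit(text):
    """Return (section, finding) pairs for settings that widen access."""
    cp, out = load(text), []
    g = cp["global"] if cp.has_section("global") else {}
    if g.get("ntlm auth", "").lower() in ("yes", "ntlmv1-permitted"):
        out.append(("global", "NTLMv1 logins are accepted"))
    # client max protocol caps Samba's outgoing client connections; the dialects
    # served to clients come from server min protocol / server max protocol.
    if "client max protocol" in g and not {"server min protocol", "server max protocol"} & set(g):
        out.append(("global", "client max protocol set, server min/max protocol at defaults"))
    for tok in g.get("hosts allow", "").replace(",", " ").split():
        try:
            iface = ipaddress.ip_interface(tok)
        except ValueError:
            continue  # hostnames such as "localhost"
        if iface.ip != iface.network.network_address:
            out.append(("global", f"{tok} covers {iface.network}"))
    for name in cp.sections():
        s = cp[name]
        if s.get("guest ok", "no").lower() == "yes" and s.get("read only", "yes").lower() == "no":
            out.append((name, "guests can write"))
    return out

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

Running `testparm -s` on the server shows the effective values, including defaults, for the same parameters.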