samba配置项

本文主要介绍了Samba的配置项,包括与性能、并发相关的设置,以及常用的共享资源访问控制参数。在配置过程中应注意max open files参数,过小的值可能导致Samba无法正常启动。建议查阅官方文档和相关教程获取详细信息。

1. samba配置项

   通过当前所使用系统查看samba的global全部配置项(" testparm -v ",部分项有简单说明)如下:
--------------------------------------------------------------------------------------------------------------------------------
# Effective [global] settings as printed by `testparm -v`, defaults included.
# NOTE(review): smb.conf(5) only treats whole lines starting with '#' or ';' as
# comments. The trailing "#..." annotations on value lines below are the
# author's notes; remove them before reusing any line in a real smb.conf,
# otherwise they are read as part of the value.
[global]
   dos charset = CP850
   unix charset = UTF-8
   display charset = LOCALE
   workgroup = WORKGROUP       #设置工作组名称
   realm = 
   netbios name = UBUNTU
   netbios aliases = 
   netbios scope = 
   server string = %h server (Samba, Ubuntu)   #设置SAMBA服务器名称
   # interfaces is empty and bind interfaces only = No: Samba is not restricted
   # to specific network interfaces here (see also socket address = 0.0.0.0 below).
   interfaces = 
   bind interfaces only = No
   security = USER             #用于登陆域,或用户验证登陆
   auth methods = 
   encrypt passwords = Yes     #设置用户密码加密
   client schannel = Auto
   server schannel = Auto
   allow trusted domains = Yes
   # Bad User: a login with an unknown user name is treated as the guest account
   # (guest account = nobody below) rather than rejected. This only matters for
   # shares that permit guests (guest ok); Never turns guest mapping off.
   map to guest = Bad User
   null passwords = No         #是否允许空密码
   obey pam restrictions = Yes
   password server = *
   smb passwd file = /etc/samba/smbpasswd   #设置口令文件的路径
   private dir = /etc/samba
   passdb backend = tdbsam
   algorithmic rid base = 1000
   root directory = 
   guest account = nobody
   enable privileges = Yes
   pam password change = Yes   #是否为samba打开pam改变密码控制机制的支持
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   passwd chat debug = No
   passwd chat timeout = 2
   check password script = 
   username map = 
   password level = 0   #在win9x下密码最多出现大写字母的个数,因为9x是使用平文传送密码的
   username level = 0
   unix password sync = Yes
   # 0 places no extra restriction on anonymous (null session) connections.
   restrict anonymous = 0
   # LANMAN and plaintext authentication are off, but ntlm auth = Yes still
   # accepts NTLMv1 responses, which are weak against offline cracking.
   # NTLMv2-only is the stronger choice where every client supports it.
   lanman auth = No
   ntlm auth = Yes
   client NTLMv2 auth = Yes
   client lanman auth = No
   client plaintext auth = No
   client use spnego principal = No
   send spnego principal = No
   preload modules = 
   dedicated keytab file = 
   kerberos method = default
   map untrusted to domain = No
   log level = 2                      #日志级别 0 表示没有,3 一般比较合理
   syslog = 0                         #syslog的日志级(0,err)(1,warning)
   syslog only = No              #是否只使用系统日志而关闭samba日志
   log file = /var/log/samba/log.%m   #日志文件
   max log size = 1000         #日志文件的大小
   debug timestamp = Yes
   debug prefix timestamp = No
   debug hires timestamp = Yes
   debug pid = No
   debug uid = No
   debug class = No
   # Core dumps of the Samba daemons can contain credentials or file data that
   # was held in memory; restrict who can read them.
   enable core files = Yes
   smb ports = 445 139
   large readwrite = Yes     #使能一次读写128K,否则64K
   # Dialect range CORE..NT1: only SMB1-era dialects are negotiated, so the
   # smb2 * limits further down have no effect until max protocol is raised.
   # SMB1 lacks the integrity and encryption features of SMB2/3 and is
   # deprecated; raise both bounds where the Samba version and clients allow it.
   max protocol = NT1
   min protocol = CORE
   min receivefile size = 0
   read raw = Yes
   write raw = Yes
   disable netbios = No
   reset on zero vc = No
   log writeable files on exit = No
   acl compatibility = auto
   defer sharing violations = Yes
   nt pipe support = Yes
   nt status support = Yes
   announce version = 4.9
   announce as = NT
   max mux = 50
   max xmit = 16644
   name resolve order = lmhosts wins host bcast
   max ttl = 259200
   max wins ttl = 518400
   min wins ttl = 21600
   time server = No
   unix extensions = Yes
   use spnego = Yes
   # server signing = No: the server does not offer SMB packet signing, so
   # sessions have no protection against tampering or relay on the wire.
   # client signing = auto offers signing but does not enforce it.
   client signing = auto
   server signing = No
   client use spnego = Yes
   # plain: LDAP traffic sent by Samba as a client is neither signed nor sealed.
   client ldap sasl wrapping = plain
   enable asu support = No
   svcctl list = 
   deadtime = 0
   getwd cache = Yes               #是否使用 cache 功能
   keepalive = 300                    #服务器每隔多少秒向客户端发送keepalive包
   lpq cache time = 30
   max smbd processes = 0          #最大允许并发samba进程数
   paranoid server security = Yes
   max disk size = 0
   max open files = 16384              #同一个客户端最多能打开的文件数目
   socket options = TCP_NODELAY    #设置服务器和客户之间会话的socket选项
   use mmap = Yes
   hostname lookups = No
   name cache timeout = 660
   ctdbd socket = 
   cluster addresses = 
   clustering = No
   ctdb timeout = 0
   ctdb locktime warn threshold = 0
   smb2 max read = 65536
   smb2 max write = 65536
   smb2 max trans = 65536
   smb2 max credits = 8192
   load printers = Yes
   printcap cache time = 750
   printcap name = 
   cups server = 
   cups encrypt = No
   cups connection timeout = 30
   iprint server = 
   disable spoolss = No
   addport command = 
   enumports command = 
   addprinter command = 
   deleteprinter command = 
   show add printer wizard = Yes
   os2 driver map = 
   mangling method = hash2
   mangle prefix = 1
   max stat cache size = 256
   stat cache = Yes
   machine password timeout = 604800
   add user script = 
   rename user script = 
   delete user script = 
   add group script = 
   delete group script = 
   add user to group script = 
   delete user from group script = 
   set primary group script = 
   add machine script = 
   shutdown script = 
   abort shutdown script = 
   username map script = 
   username map cache time = 0
   logon script = 
   logon path = \\%N\%U\profile
   logon drive = 
   logon home = \\%N\%U
   domain logons = No
   init logon delayed hosts = 
   init logon delay = 100
   os level = 20   #操作系统级别,winNT4.0服务器-33  如果数值高于33,samba就成为local master browers不管网络中是否存在winNT4.0
   lm announce = Auto
   lm interval = 60
   preferred master = No
   local master = Yes   #使nmbd试着在子网中成为master browse(储存子网中所有的netbios name 所对应ip的列表)
   domain master = Auto #使nmbd成为广域网的netbios name 所对应ip的列表,任务是同步所有子网中local master的列表。因此使各终端得到整个域的浏览列表,如果设置了domain logons = yes 那么domain master默认是yes
   browse list = Yes
   enhanced browsing = Yes
   dns proxy = No
   wins proxy = No
   wins server = 
   wins support = No
   wins hook = 
   kernel oplocks = Yes
   lock spin time = 200
   oplock break wait time = 0
   ldap admin dn = 
   ldap delete dn = No
   ldap group suffix = 
   ldap idmap suffix = 
   ldap machine suffix = 
   ldap passwd sync = no
   ldap replication sleep = 1000
   ldap suffix = 
   ldap ssl = start tls
   ldap ssl ads = No
   ldap deref = auto
   ldap follow referral = Auto
   ldap timeout = 15
   ldap connection timeout = 2
   ldap page size = 1024
   ldap user suffix = 
   ldap debug level = 0
   ldap debug threshold = 10
   eventlog list = 
   add share command = 
   change share command = 
   delete share command = 
   preload = 
   lock directory = /var/run/samba
   state directory = /var/lib/samba
   cache directory = /var/cache/samba
   pid directory = /var/run/samba
   utmp directory = 
   wtmp directory = 
   utmp = No
   default service = 
   message command = 
   get quota command = 
   set quota command = 
   remote announce = 
   remote browse sync = 
   socket address = 0.0.0.0
   nmbd bind explicit broadcast = Yes
   homedir map = auto.home
   afs username map = 
   afs token lifetime = 604800
   log nt token command = 
   time offset = 0
   NIS homedir = No
   registry shares = No
   # Users who are allowed to create usershares may make them accessible to
   # unauthenticated (guest) clients; set No if that is not wanted.
   usershare allow guests = Yes
   usershare max shares = 100
   usershare owner only = Yes
   usershare path = /var/lib/samba/usershares
   usershare prefix allow list = 
   usershare prefix deny list = 
   usershare template share = 
   # No: wide links stays disabled whenever unix extensions = Yes (as it is
   # above), so symlinks cannot be used to reach outside a share.
   allow insecure wide links = No
   async smb echo handler = No
   multicast dns register = Yes
   panic action = /usr/share/samba/panic-action %d
   perfcount module = 
   host msdfs = Yes
   passdb expand explicit = No
   idmap backend = tdb
   idmap cache time = 604800
   idmap negative cache time = 120
   idmap uid = 
   idmap gid = 
   template homedir = /home/%D/%U
   template shell = /bin/false
   winbind separator = \
   winbind cache time = 300
   winbind reconnect delay = 30
   winbind max clients = 200
   winbind enum users = No
   winbind enum groups = No
   winbind use default domain = No
   winbind trusted domains only = No
   winbind nested groups = Yes
   winbind expand groups = 1
   winbind nss info = template
   winbind refresh tickets = No
   winbind offline logon = No
   winbind normalize names = No
   winbind rpc only = No
   create krb5 conf = Yes
   ncalrpc dir = /var/ncalrpc
   winbind max domain connections = 1
   idmap config * : backend = tdb
   # From here on testparm lists per-share parameters, shown with the default
   # value that each share inherits unless it overrides it.
   comment = 
   path = 
   username = 
   invalid users = 
   valid users = 
   admin users = 
   read list = 
   write list = 
   printer admin = 
   force user = 
   force group = 
   read only = Yes
   acl check permissions = Yes
   acl group control = No
   acl map full control = Yes
   # Upper bounds on permission bits for newly created files (0744) and
   # directories (0755); the force * mode values are bits that are always set.
   create mask = 0744
   force create mode = 00
   security mask = 0777
   force security mode = 00
   directory mask = 0755
   force directory mode = 00
   directory security mask = 0777
   force directory security mode = 00
   force unknown acl user = No
   inherit permissions = No
   inherit acls = No
   inherit owner = No
   # Guest access is off by default (guest ok = No). hosts allow / hosts deny
   # are empty, so no address-based restriction applies unless one is configured.
   guest only = No
   administrative share = No
   guest ok = No
   only user = No
   hosts allow = 
   hosts deny = 
   allocation roundup size = 1048576
   aio read size = 0
   aio write size = 0
   aio write behind = 
   ea support = No
   nt acl support = Yes
   profile acls = No
   map acl inherit = No
   afs share = No
   # auto: SMB transport encryption is negotiated if the client asks for it,
   # but it is not required.
   smb encrypt = auto
   block size = 1024
   change notify = Yes         #异常通知
   directory name cache size = 100
   kernel change notify = Yes
   max connections = 0         #最大允许传输连接数
   min print space = 0
   strict allocate = No
   strict sync = No
   sync always = No
   use sendfile = No
   write cache size = 0
   max reported print jobs = 0
   max print jobs = 1000
   printable = No
   print notify backchannel = Yes
   print ok = No
   printing = cups
   cups options = 
   print command = 
   lpq command = %p
   lprm command = 
   lppause command = 
   lpresume command = 
   queuepause command = 
   queueresume command = 
   printer name = 
   use client driver = No
   default devmode = Yes
   force printername = No
   printjob username = %U
   default case = lower
   case sensitive = Auto
   preserve case = Yes
   short preserve case = Yes
   mangling char = ~
   hide dot files = Yes
   hide special files = No
   hide unreadable = No
   hide unwriteable files = No
   delete veto files = No
   veto files = 
   hide files = 
   veto oplock files = 
   map archive = Yes
   map hidden = No
   map system = No
   map readonly = yes
   mangled names = Yes
   store dos attributes = No
   dmapi support = No
   browseable = Yes
   access based share enum = No
   blocking locks = Yes
   csc policy = manual
   fake oplocks = No
   locking = Yes
   oplocks = Yes
   level2 oplocks = Yes
   oplock contention limit = 2
   posix locking = Yes
   strict locking = Auto
   share modes = Yes
   dfree cache time = 0
   dfree command = 
   copy = 
   preexec = 
   preexec close = No
   postexec = 
   root preexec = 
   root preexec close = No
   root postexec = 
   available = Yes
   volume = 
   fstype = NTFS
   set directory = No
   # wide links = No: symlinks that point outside the share are not followed;
   # symlinks that stay inside the share still are (follow symlinks = Yes).
   wide links = No
   follow symlinks = Yes
   dont descend = 
   magic script = 
   magic output = 
   delete readonly = No
   dos filemode = No
   dos filetimes = Yes
   dos filetime resolution = No
   fake directory create times = No
   vfs objects = 
   msdfs root = No
   msdfs proxy = 
------------------------------------------------------------

2. 与samba性能、并发等有关的项

   socket options         #设置服务器和客户之间会话的socket选项  
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   getwd cache            #是否缓存上一次文件操作的目录项等记录        getwd cache = yes
   deadtime                  #客户端无操作多少分钟后服务器中断连接        deadtime = 10
   keepalive                  #服务器每隔多少秒向客户端发送keepalive包   keepalive = 300
                                      用于确认客户端是否异常
   max smbd processes    #最大允许并发samba进程数
   max connections             #最大允许传输连接数,达到上限后samba进程仍会创建
   max open files                 #同一个客户端最多能打开的文件数目        max open files = 50
   change notify timeout     #设置服务器周期性检查文件变更通知(change notify)的间隔        change notify timeout = 90
   log level                            #设置samba日志级别                                    log level = 1
   Samba 生成的每条日志消息都有一个级别,即从 0 到 10 的一个整数。较重要的消息(比如新连接和重要错误)具有较低的级别,调试消息具有较高的级别。通过指定要记录的最大级别,可以控制日志量:log level = 1 时仅记录级别为 0 或 1 的消息;如果需要更多的日志记录,可以使用一个更大的数字。
   max log size                    #日志文件大小                                                  max log size = 100

   read size = 512 
   read raw = yes         #读优化、低延时,启用的效果可能提升性能也可能降低性能,需根据实际的网络情况和测试结果决定是否启用
   write raw = yes         #写优化、低延时,与read raw类似,需看实际网络和测试结果
   large readwrite = yes     #支持新的64位流式读写,能够提升性能
   use sendfile = yes          #默认no
   aio read size = 16384    #异步I/O读写
   aio write size = 16384    #异步I/O读写
   write cache size = 262144    #允许writer将数据存储在内存缓存而不刷新至磁盘,同时reader也可直接从内存缓存读取
   max xmit = 65536           #服务器通知客户端其最大允许接收的大小
   strict locking = no      
   fake oplocks = yes         #只有一个用户,或者都是只读用户时,开启会提升性能;多个客户端同时读写同一共享时开启可能造成数据损坏
   oplocks = no              

   各配置项详细说明参见:http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html 
                                               http://book.51cto.com/art/201108/282390.htm


3. 常用的共享资源访问控制参数

[global]
   admin users = admin                     #设置共享资源管理员(列表中的用户对共享内文件的所有操作都以root身份执行,应谨慎授予)
   bind interfaces only = yes              #设置interface是否只对Samba服务器提供文件服务有效,对浏览服务的广播无效。也就是说Windows客户端可以在网上邻居中查看到Samba服务器,但不能访问                                 
   interfaces = lo br0 br1 eth2.2          #设置允许Samba服务侦听的本地网络接口
   hosts allow = 192.168.169. 192.168.139.  #配置允许访问的客户端(smb.conf中参数名与值之间用“=”分隔)
   hosts deny = 192.168.1.                  #配置拒绝访问的客户端
   map to guest = Never
[toppy]  
   browseable      #指定共享的路径是否可浏览(默认可以)    browseable = no
   available           #指定共享的资源是否可用                  available = no
   read only           #指定共享的路径是否只读                  read only = yes
   writable             #指定共享的路径是否可写                  writable = yes
   read list             #设置只读访问用户列表                    read list = tom,@stuff
   write list             #设置读写访问用户列表                    write list = tom,@stuff
   public                 #指定是否可以允许guest帐号访问           public = yes
   guest account    #指定一般性客户(guest)使用的帐号                  guest account = nobody
   guest ok             #指定是否可以允许guest帐号访问           guest ok = yes
   guest only          #指定是否只允许guest帐号访问              guest only = yes
   valid users        #指定允许使用服务的用户列表              valid users = tom,@stuff
   invalid users     #指定禁止使用服务的用户列表              invalid users = tom,@stuff
   wide links          #设置是否允许跟随指向共享目录之外的符号链接    wide links = no
   veto files            #参数阻止客户端上传含有特定关键字的文件或目录到Samba服务器共享资源
   create mask = 0664                                                              
   directory mask = 0775 


另外,提醒一个问题,我在嵌入式linux上配置 max open files = 20时,samba进程无法正常启动,因此,该项不能设置过小。

有些系统默认值 max open files = 16384

