Библиотека сайта rus-linux.net
Chapter 11. Additional Samba Information
This chapter wraps up our coverage of the smb.conf configuration file with some miscellaneous options that can perform a variety of tasks. We talk briefly about options for time synchronization, internationalization, messages, and common Windows bugs. For the most part, you will use these options only in isolated circumstances.
Time Synchronization
In a network of computers, the systems on the network must agree on the current time and also on what time files have been modified. One example of the importance of synchronization is the roaming profiles we covered in Chapter 4. It is vital for all clients accessing a roaming profile to agree on what time it is and which client last modified the user's profile.
[global] time server = yes dos filetimes = yes fake directory create times = yes dos filetime resolution = yes delete readonly = yes
In Chapter 4, we showed you how to create a logon script that used the net time command to synchronize clients' clocks automatically when they log on to the domain. If your network is configured as a workgroup rather than a domain, you can still make use of net time by placing the command:
net time \\sambaserver /set /yes
Proper time synchronization is also important when operating in an Active Directory domain because Active Directory uses Kerberos authentication. When a Kerberos domain controller creates an authentication ticket for a client, the time is encoded into the challenge-and-response exchanges between the client and domain controller. If the client's clock disagrees with the server's clock, authentication can fail.
To provide proper time synchronization in Active Directory domains, Microsoft has adopted Network Time Protocol (NTP), using the name Windows Time Service for its implementation. For further information, the Microsoft white paper entitled The Windows Time Service can be downloaded from http://www.microsoft.com.
The nice thing about this is that NTP is the standard method for synchronizing Unix hosts on a network, so you can synchronize all your Unix systems (including the Samba server) and Windows systems with the following method:
-
Run NTP on the Unix systems in your network. For more information on using NTP, refer to http://www.ntp.org.
-
Use one of the Unix systems (such as the Samba host system) as an NTP server to serve Windows 2000/XP clients.
-
For other Windows clients, you might have to download an update from Microsoft to add Windows Time Service client support or use a third-party application such as the free analogX Atomic TimeSync (http://www.analogx.com). Or you can use the net time command to update the client's clock periodically, as discussed previously.
Time-Synchronization Options
To support roaming profiles, programmers accessing your Samba server, and other time-sensitive functions on your network, you'll want to be aware of the options listed in Table 11-1.
Table 11-1. Time-synchronization options
|
Option |
Parameters |
Function |
Default |
Scope |
|---|---|---|---|---|
|
|
Boolean |
If |
|
Global |
|
|
numeric |
Adds a specified number of minutes to the reported time |
|
Global |
|
|
Boolean |
Allows non-owners of a file to change its time if they can write to it |
|
Share |
|
|
Boolean |
Causes file times to be rounded to the next even second |
|
Share |
|
|
Boolean |
Sets directory times to avoid an MS nmake bug |
|
Share |
dos filetime resolution
The dos
filetime resolution parameter
is a share-level option. If set to yes, Samba
rounds file times to the closest 2-second boundary. This option
exists primarily to satisfy a quirk in Windows that prevents Visual
C++ from correctly recognizing that a file has not changed. You can
enable it as follows:
[data] dos filetime resolution = yes
fake directory create times
The fake
directory create
times option exists to keep PC
make programs sane. VFAT and NTFS filesystems
record the creation date of a specific directory, while Unix does
not. Without this option, Samba takes the earliest recorded date it
has for the directory (often the last-modified date of a file) and
returns it to the client. If this is not sufficient, set the
following option under a share definition:
[data] fake directory create times = yes
If set, Samba will adjust the directory create time it reports to the hardcoded value January 1, 1980. This is primarily used to convince the Visual C++ nmake program that any object files in its build directories are indeed younger than the creation date of the directory itself and need to be recompiled.
Magic Scripts
Magic Script Options
Table 11-2 lists the options that deal with magic scripts on the Samba server.
Table 11-2. Magic script options
|
Option |
Parameters |
Function |
Default |
Scope |
|---|---|---|---|---|
|
|
string (filename) |
File to be executed by Samba, as the logged-on user, when closed |
None |
Share |
|
|
string (filename) |
File to log output from the magic file |
scriptname.out |
Share |
magic script
If the magic
script option is set to a filename and the client
creates a file by that name in that share, Samba will run the file as
soon as the user has opened and closed it. For example,
let's assume that the following option was created
in the share [accounting]:
[accounting] magic script = tally.sh
Internationalization
Starting with Samba 3.0, Samba supports Unicode "on the wire," requiring no additional effort on your part to support filenames and other text containing characters in international character sets.
Internationalization Options
Samba 2.2.x has a limited ability to speak foreign tongues: if you need to support filenames containing characters that aren't in standard ASCII, some options that can help you are shown in Table 11-3.
Table 11-3. Internationalization options
|
Option |
Parameters |
Function |
Default |
Scope |
|---|---|---|---|---|
|
|
Described in this section |
Sets a code page to expect from clients |
850 |
Global |
|
|
Described in this section |
Translates code pages into alternate Unix character sets |
None |
Global |
|
|
Described in this section |
Translates code page 932 into an Asian character set |
None |
Global |
|
|
string (set of characters) |
Adds individual characters to a code page |
None |
Global |
client code page
The character sets on Windows platforms hark back to the original
concept of a code page. These code pages are used by DOS and
Windows clients to determine rules for mapping lowercase letters to
uppercase letters. Samba can be instructed to use a variety of code
pages through the use of the global
client code
page option to match the corresponding code page
in use on the client. This option loads a code page definition file
and can take the values specified in Table 11-4.
Table 11-4. Valid code pages with Samba 2.0
|
Code page |
Definition |
|---|---|
|
|
MS-DOS Latin (United States) |
|
|
Windows 95 Greek |
|
|
MS-DOS Latin 1 (Western European) |
|
|
MS-DOS Latin 2 (Eastern European) |
|
|
MS-DOS Icelandic |
|
|
MS-DOS Cyrillic (Russian) |
|
|
MS-DOS Japanese Shift-JIS |
|
|
MS-DOS Simplified Chinese |
|
|
MS-DOS Korean Hangul |
|
|
MS-DOS Traditional Chinese |
You can set the client code page as follows:
[global] client code page = 852
character set
The global character
set option can be used to convert filenames
offered through a DOS code page (see the previous section, Section 11.3.1.1) to equivalents that can be
represented by Unix character sets other than those in the United
States. For example, if you want to convert the Western European
MS-DOS character set on the client to a Western European Unix
character set on the server, you can use the following in your
configuration file:
[global]
client code page = 850
character set = ISO8859-1Note that you must include a client
code page option to specify the
character set from which you are converting. The valid character sets
(and their matching code pages) that Samba accepts are listed in
Table 11-5.
Table 11-5. Valid character sets
|
Character set |
Matching code page |
Definition |
|---|---|---|
|
|
|
Western European Unix |
|
|
|
Eastern European Unix |
|
|
|
Russian Cyrillic Unix |
|
|
737 |
Greek Unix |
|
|
|
Alternate Russian Cyrillic Unix |
coding system
The coding system
option is similar to the character
set option. However, its purpose is to determine
how to convert a Japanese Shift JIS code page into an appropriate
Unix character set. To use this option, the client
code page option described
previously must be set to page 932. The valid
coding systems that Samba accepts are listed in Table 11-6.
Table 11-6. Valid coding-system parameters
|
Character set |
Definition |
|---|---|
|
|
Standard Shift JIS |
|
|
Eight-bit JIS codes |
|
|
Eight-bit JIS codes |
|
|
Eight-bit JIS codes |
|
|
Eight-bit JIS codes |
|
|
Eight-bit JIS codes |
|
|
Eight-bit JIS codes |
|
|
Seven-bit JIS codes |
|
|
Seven-bit JIS codes |
|
|
Seven-bit JIS codes |
|
|
Seven-bit JIS codes |
|
|
Seven-bit JIS codes |
|
|
Seven-bit JIS codes |
|
|
JUNET codes |
|
|
JUNET codes |
|
|
JUNET codes |
|
|
JUNET codes |
|
|
JUNET codes |
|
|
JUNET codes |
|
|
EUC codes |
|
|
Three-byte hexadecimal code |
|
|
Three-byte hexadecimal code (Columbia AppleTalk Program) |
valid chars
The valid chars option
can be used to add individual characters to a code page. You can use
this option as follows:
valid chars = н valid chars = 0450:0420 0x0A20:0x0A00 valid chars = A:a
If you use this option, it must be listed after the
client code
page to which you wish to add the character.
Windows Messenger Service
One of the odd features of SMB protocol is its ability to send text messages between computers. Although both the name and functionality are similar to that of Windows Messenger, the two are not the same. Windows Messenger (also called MSN Messenger) is an Internet-oriented instant messenging service, while Windows Messenger Service is an older and simpler LAN-oriented service. Using the Windows Messenger Service, messages can be addressed to users, individual computers, or entire workgroups on the network.
The WinPopup tool (Winpopup.exe), shown in Figure 11-1, can be used on Windows 95/98/Me to send or receive messages. WinPopup is a handy tool for sending messages. However, to receive messages, it must already be running when the message is sent from the remote system.
Figure 11-1. Sending a message from a Windows 95/98/Me system (left); receiving a message (right)
On Windows NT/2000/XP, the messenger service lets you receive messages without having an application already running; messages will automatically appear in a small dialog box on the screen when received, as shown in Figure 11-2.
Figure 11-2. Receiving a message on a Windows 2000 system
C:\>net send maya "Who's There?"The message was successfully sent to MAYA.
Windows Messenger Service Configuration Option
Samba has a single option to handle Windows Messenger Service,
message command, as shown in
Table 11-7.
Table 11-7. Windows Messenger Service configuration option
|
Option |
Parameter |
Function |
Default |
Scope |
|---|---|---|---|---|
|
|
string (shell command) |
Sets a command to run on Unix when a WinPopup message is received |
None |
Global |
message command
Samba's
message command
option defines the command that will run on the server when a Windows
Messenger Service message arrives. The command will be executed as
the guest account user. What to
do with messages is questionable because most Samba hosts run as
unattended servers. One solution is to mail the messages to root like
this:
[global] message command = /bin/mail -s "SMB Message From %f on %m" root <%s; rm %s
In addition to the standard variables, Table 11-8
shows the three unique variables that you can use in a
message command.
Table 11-8. message command variables
|
Variable |
Definition |
|---|---|
|
|
The name of the file in which the message resides |
|
|
The name of the system that sent the message |
|
|
The name of the system that is the destination of the message |
Miscellaneous Options
Many Samba options are available to deal with operating system issues on either Unix or Windows. In particular, some of these options are used for setting limits for clients' use of resources on the Unix server. The options shown in Table 11-9 deal with some of these issues.
Table 11-9. Miscellaneous options
|
Option |
Parameters |
Function |
Default |
Scope |
|---|---|---|---|---|
|
|
numeric (minutes) |
Number of minutes of inactivity before a connection should be terminated. |
|
Global |
|
|
string (command) |
Used to specify a command that returns free disk space in a format recognized by Samba. |
None |
Global |
|
|
|
Filesystem type reported by the server to the client. |
|
Global |
|
|
numeric (seconds) |
Number of seconds between checks for an inoperative client. |
|
Global |
|
|
numeric (MB) |
Largest disk size to return to a client, some of which have limits. Does not affect actual operations on the disk. |
|
Global |
|
|
numeric |
Maximum number of simultaneous SMB operations that clients can make. |
|
Global |
|
|
numeric |
Limits number of open files to be below Unix limits. |
|
Global |
|
|
numeric |
Specifies the maximum packet size that Samba will send. |
|
Global |
|
|
Boolean |
Turns off an NT/2000/XP support feature; for benchmarking or in case of an error. |
|
Global |
|
|
Boolean |
Turns off an NT/2000/XP support feature; for benchmarking or in case of an error. |
|
Global |
|
|
Boolean |
Remaps out-of-range lock requests used on Windows to fit in allowable range on Unix. Turning it off causes Unix lock errors. |
|
Global |
|
|
string |
Command to run if Samba server fails; for debugging. |
None |
Global |
|
|
Boolean |
If |
|
Global |
|
|
Boolean |
If |
|
Global |
|
|
Boolean |
If |
|
Global |
|
|
Boolean |
If |
|
Global |
|
|
Boolean |
If |
|
Global |
|
|
numeric (seconds) |
Interval between checks when a client asks to wait for a change in a specified directory. |
|
Global |
|
|
Boolean |
If |
|
Global |
|
|
numeric |
Number of entries in the stat cache. |
|
Global |
deadtime
[global] deadtime = 10
dfree command
[global] dfree command = /usr/local/bin/dfree
#!/bin/sh df $1 | tail -1 | awk '{print $2" "$4}'
On System V machines, the following will work:
#!/bin/sh /usr/bin/df $1 | tail -1 | awk '{print $3" "$5}'
fstype
This share-level option sets the type of filesystem that Samba reports when queried by the client. Three strings can be used as a value to this configuration option, as listed in Table 11-10.
Table 11-10. Filesystem types
|
Value |
Definition |
|---|---|
|
NTFS |
Microsoft Windows NT filesystem |
|
FAT |
DOS FAT filesystem |
|
Samba |
Samba filesystem |
[data] fstype = FAT
max disk size
[global] max disk size = 1000
The default value for this option is 0, which
means there is no upper limit.
nt pipe support
This global option is used by developers to allow or disallow Windows NT/2000/XP clients the ability to make connections to NT-specific SMB IPC$ pipes. As a user, you should never need to override the default:
[global] nt pipe support = yes
set directory
This Boolean share-level option allows Digital Pathworks clients to
use the setdir command to change directories on
the server. If you are not using the Digital Pathworks client, you
should not need to alter this option. The default value for this
option is no. You can override it per share as
follows:
[data] set directory = yes
change notify timeout
The change
notify timeout global option
emulates a Windows NT/2000 SMB feature called change
notification. This allows a client to request
that a Windows NT/2000 server periodically monitor a specific
directory on a share for any changes. If changes occur, the server
will notify the client.
[global] change notify timeout = 30