NAME
smbd - 向客户提供SMB/CIFS服务的服务器
总览 SYNOPSIS
smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>][-p <port number>] [-O <socket option>] [-s <configuration file>]
描述 DESCRIPTION
此程序是Samba(7) 套件的一部分。
smbd 是向Windows客户机提供文件共享和打印服务的服务器进程。该服务器用SMB(或CIFS)协议向客户提供文件存放空间和打印服务。它与LanManager协议兼容并能向使用此协议的客户提供服务。这些客户端包括MSCLIENT 3.0 for DOS,Windows for Workgroups,Windows 95/98/ME,Windows NT,Windows 2000, OS/2,DAVE for Macintosh, 和smbfs for Linux。
用来控制服务属性的配置文件的手册页中对服务器可提供的服务进行了详细的描述(参见 smb.conf (5))。此手册不描述提供的服务但集中讲述了对管理服务器运行等方面的问题描述。
请注意对服务器运行有关的非常重要的安全性问题,同时在进行安装处理前也应该仔细阅读smb.conf (5)手册。
只要有客户请求就会建立一个对话。对每个对话,每个客户获得服务器的一份复本。在对话期间此复本对所有客户产生的连接进行服务。当来自此客户的所有连接都关闭时,此客户的服务器复本也退出。
服务器所包含的配置文件和其它任何文件都会在每次更改后自动重新装入。你可以通过对服务器发送一个SIGHUP信息来强制一次重新装入。重新装入配置文件对已建立的任何对服务的连接均无效。要么用户必须断开服务,要么将smbd进程中止并重启。
选项 OPTIONS
- -D
- 如果指定此选项,则服务器以后台进程方式运行。即,它会分离本身并在后台运行,在适当的端口上监听请求。对于提供比临时性的文件和打印服务更多内容的服务器,推荐将smbd 以后台进程方式运行。如果在shell命令行运行smbd ,将默认使用这个选项。
- -F
- If specified, this parameter causes the main smbd process to not daemonize, i.e. double-fork and disassociate with the terminal. Child processes are still created as normal to service each connection request, but the main process does not exit. This operation mode is suitable for running smbd under process supervisors such as supervise and svscan from Daniel J. Bernstein's daemontools package, or the AIX process monitor.
- -S
- If specified, this parameter causes smbd to log to standard output rather than a file.
- -i
- If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell. Setting this parameter negates the implicit deamon mode when run from the command line. smbd also logs to standard output, as if the -S parameter had been given.
- -V
- 打印smbd的版本号。
- -s <configuration file>
- 指定的文件包含了服务器所需的配置细节。此文件中的信息包含如所用的printcap文件这样的服务器详细信息,同时也对服务器所提供的服务进行了描述。请参见smb.conf (5)文件。缺省的配置文件名在软件包编译时决定。
- -d|--debug=debuglevel
- debuglevel 是一个从0到10的整数。如果没有指定此参数则默认的值是0。
如果这个值越高,越多关于服务器的详细活动信息将被记录到文件中。在0调试级时,只记录紧急错误和严重警告。对于平日的运行服务,1调试级是个合理的等级,它只产生小量的关于执行操作的信息。
1以上的调试级将产生相当多的记录数据,并且只在解决问题时才有用。3以上的调试级只被设计为让开发者使用并会产生极大数量的记录数据,而且其中很多部分非常难以理解。
注意在此使用这个参数将越过在smb.conf (5)文件中的log level参数。
- -l|--logfile=logbasename
- 用来记录/调试的文件。会自动为它添加 ".client" 扩展名。客户端不会将记录文件删除。
- -h|--help
- 打印smbd的命令行参数(用法)。
- -b
- Prints information about how Samba was built.
- -l <log directory>
- If specified, log directory specifies a log directory into which the "log.smbd" log file will be created for informational and debug messages from the running server. The log file generated is never removed by the server although its size may be controlled by the max log size option in the smb.conf(5) file. Beware: If the directory specified does not exist, smbd will log to the default debug log location defined at compile time.
The default log directory is specified at compile time.
- -p <port number>
- port number 端口号是个正值整数。如果此选项未指定则缺省值为139。
这个端口号用于从客户端建立对服务器的连接。基于TCP上的SMB所用的标准(通常使用的)端口号为139,因此这是缺省值。如果你希望作为普通用户而不是root身份运行服务器的话,多数系统会要求你使用1024以上的端口号 - 如有此情况请向系统管理员取得帮助。
为了使更多客户使用服务器,而又在139以外的端口进行配置,则你需要在端口139上进行端口重定向,在rfc1002.txt的4.3.5部分有详细的描述。
除上述情况以外,此选项通常不用。
文件 FILES
- /etc/inetd.conf
- 如果通过inetd 超级进程来运行服务器,则此文件必须含有适当的启动信息。
- /etc/rc
- (或其它你的系统所用的初始化脚本)。
如果在启动时以后台进程模式运行服务器,则此文件须包含适当的服务器启动次序。
- /etc/services
- 如果通过inetd超级进程来运行服务器,则此文件必须包含一份服务端口(如139)和协议类型(如tcp)与对应的服务名(如netbios-ssn)的映射。
- /usr/local/samba/lib/smb.conf
- 缺省的服务器配置文件 smb.conf(5)的存放位置。系统安装此文件的其它通常位置为 /usr/samba/lib/smb.conf和/etc/samba/smb.conf。
此文件描述了客户可获得的服务项的情况。参见smb.conf(5)获得更多情况。
限制 LIMITATIONS
在有些系统上,smbd无法在一次setuid()调用以后把uid返回到root。这样的系统称为“陷门”(trapdoor)uid系统。如果你使用这样的系统,将无法同时在一个客户端(如一台PC机)以两个不同的用户身份进行连接。试图连接第二个用户将得到“访问被拒”或类似的结果。
环境变量 ENVIRONMENT VARIABLES
- PRINTER
- 如果对可打印服务没有指定打印名称,多数系统将使用此变量(如果未定义此变量则用lp )的值作为可用打印机的名称。但并不是服务器特定的。
PAM INTERACTION
Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater. When this is set, the following restrictions apply:
- *
- Account Validation: All accesses to a samba server are checked against PAM to see if the account is vaild, not disabled and is permitted to login at this time. This also applies to encrypted logins.
- *
- Session Management: When not using share level secuirty, users must pass PAM's session checks before access is granted. Note however, that this is bypassed in share level secuirty. Note also that some older pam configuration files may need a line added for session support.
版本 VERSION
此手册页是针对samba套件版本3.0的。
诊断 DIAGNOSTICS
通常情况下诊断信息都记录到指定好的记录文件中。这个文件的名称是在编译时指定的,但也可以用命令行来指定。
用户可以得到的诊断信息的数量和种类取决于用户执行客户端程序时所用的调试等级。如果你发现有问题的话,把调试级设到3并详细阅读记录文件里的内容。
很多信息都无须加以说明。不幸的是,在写手册页时,源代码中有着太多的诊断信息,它们保证了对每种情况都加以描述,却无法写入文档。在此时,你最好还是用grep查找源代码并检查引起诊断信息的条件。
信号 SIGNALS
向smbd发送一个SIGHUP信号可以使它在一个很短时间内重新装入smb.conf配置文件。
我们 不 推荐你使用SIGKILL (-9)来终止smbd进程除非这是最后的方法,因为这样做可能导致名字数据库不一致。正确的方法是发送SIGTERM (-15)信号并等待程序自行结束。
另外,smbd程序的调试记录等级也可以通过smbcontrol(1) 调高或者调低。(向程序发送一个SIGUSR1或SIGUSR2信号(kill -USR2 <nmbd-pid>)的方法在Samba2.2 中已经不再使用。) 通过使用这样的方法可以诊断一些暂时的问题,同时仍然可以在一个正常的并且较低的记录等级来运行。
Note that as the signal handlers send a debug write, they are not re-entrant in smbd. This you should wait untilsmbd is in a state of waiting for an incoming SMB before issuing them. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking them after, however this would affect performance.
参见 SEE ALSO
hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), 还有互联网草案 rfc1001.txt, rfc1002.txt. 另外,CIFS (从前的 SMB) 规约可以在 http://samba.org/cifs/网页上找到链接。
#p#
NAME
smbd - server to provide SMB/CIFS services to clients
SYNOPSIS
- smbd [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number(s)>] [-O <socket option>] [-s <configuration file>]
DESCRIPTION
smbd is the server daemon that provides filesharing and printing services to Windows clients. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. This is compatible with the LanManager protocol, and can service LanManager clients. These include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh, and smbfs for Linux.
An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those services (see smb.conf(5). This man page will not describe the services, but will concentrate on the administrative aspects of running the server.
Please note that there are significant security implications to running this server, and the smb.conf(5) manual page should be regarded as mandatory reading before proceeding with installation.
A session is created whenever a client requests one. Each client gets a copy of the server for each session. This copy then services all connections made by the client during that session. When all connections from its client are closed, the copy of the server for that client terminates.
The configuration file, and any files that it includes, are automatically reloaded every minute, if they change. You can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to disconnect from the service, or smbd killed and restarted.
OPTIONS
- -D
- If specified, this parameter causes the server to operate as a daemon. That is, it detaches itself and runs in the background, fielding requests on the appropriate port. Operating the server as a daemon is the recommended way of running smbd for servers that provide more than casual use file and print services. This switch is assumed if smbd is executed on the command line of a shell.
- -F
- If specified, this parameter causes the main smbd process to not daemonize, i.e. double-fork and disassociate with the terminal. Child processes are still created as normal to service each connection request, but the main process does not exit. This operation mode is suitable for runningsmbd under process supervisors such as supervise and svscan from Daniel J. Bernstein's daemontools package, or the AIX process monitor.
- -S
- If specified, this parameter causessmbd to log to standard output rather than a file.
- -i
- If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell. Setting this parameter negates the implicit deamon mode when run from the command line. smbd also logs to standard output, as if the -S parameter had been given.
- -V
- Prints the program version number.
- -s <configuration file>
- The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See smb.conf for more information. The default configuration file name is determined at compile time.
- -d|--debug=debuglevel
- debuglevel is an integer from 0 to 10. The default value if this parameter is not specified is zero.
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
Note that specifying this parameter here will override the log level parameter in the smb.conf file.
- -l|--logfile=logdirectory
- Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.
- -h|--help
- Print a summary of command line options.
- -b
- Prints information about how Samba was built.
- -p <port number(s)>
- port number(s) is a space or comma-separated list of TCP ports smbd should listen on. The default value is taken from the ports parameter in smb.conf
The default ports are 139 (used for SMB over NetBIOS over TCP) and port 445 (used for plain SMB over TCP).
FILES
- /etc/inetd.conf
- If the server is to be run by theinetd meta-daemon, this file must contain suitable startup information for the meta-daemon.
- /etc/rc
- or whatever initialization script your system uses).
If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server.
- /etc/services
- If running the server via the meta-daemon inetd, this file must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp).
- /usr/local/samba/lib/smb.conf
- This is the default location of the smb.conf(5) server configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/samba/smb.conf.
This file describes all the services the server is to make available to clients. See smb.conf(5) for more information.
LIMITATIONS
On some systems smbd cannot change uid back to root after a setuid() call. Such systems are called trapdoor uid systems. If you have such a system, you will be unable to connect from a client (such as a PC) as two different users at once. Attempts to connect the second user will result in access denied or similar.
ENVIRONMENT VARIABLES
- PRINTER
- If no printer name is specified to printable services, most systems will use the value of this variable (or lp if this variable is not defined) as the name of the printer to use. This is not specific to the server, however.
PAM INTERACTION
Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the obey pam restrictions smb.conf(5) paramater. When this is set, the following restrictions apply:
- *
- Account Validation: All accesses to a samba server are checked against PAM to see if the account is vaild, not disabled and is permitted to login at this time. This also applies to encrypted logins.
- *
- Session Management: When not using share level secuirty, users must pass PAM's session checks before access is granted. Note however, that this is bypassed in share level secuirty. Note also that some older pam configuration files may need a line added for session support.
VERSION
This man page is correct for version 3.0 of the Samba suite.
DIAGNOSTICS
Most diagnostics issued by the server are logged in a specified log file. The log file name is specified at compile time, but may be overridden on the command line.
The number and nature of diagnostics available depends on the debug level used by the server. If you have problems, set the debug level to 3 and peruse the log files.
Most messages are reasonably self-explanatory. Unfortunately, at the time this man page was created, there are too many diagnostics available in the source code to warrant describing each and every diagnostic. At this stage your best bet is still to grep the source code and inspect the conditions that gave rise to the diagnostics you are seeing.
TDB FILES
Samba stores it's data in several TDB (Trivial Database) files, usually located in /var/lib/samba.
(*) information persistent across restarts (but not necessarily important to backup).
- account_policy.tdb*
- NT account policy settings such as pw expiration, etc...
- brlock.tdb
- byte range locks
- browse.dat
- browse lists
- connections.tdb
- share connections (used to enforce max connections, etc...)
- gencache.tdb
- generic caching db
- group_mapping.tdb*
- group mapping information
- locking.tdb
- share modes & oplocks
- login_cache.tdb*
- bad pw attempts
- messages.tdb
- Samba messaging system
- netsamlogon_cache.tdb*
- cache of user net_info_3 struct from net_samlogon() request (as a domain member)
- ntdrivers.tdb*
- installed printer drivers
- ntforms.tdb*
- installed printer forms
- ntprinters.tdb*
- installed printer information
- printing/
- directory containing tdb per print queue of cached lpq output
- registry.tdb
- Windows registry skeleton (connect via regedit.exe)
- sessionid.tdb
- session information (e.g. support for 'utmp = yes')
- share_info.tdb*
- share acls
- winbindd_cache.tdb
- winbindd's cache of user lists, etc...
- winbindd_idmap.tdb*
- winbindd's local idmap db
- wins.dat*
- wins database when 'wins support = yes'
SIGNALS
Sending the smbd a SIGHUP will cause it to reload its smb.conf configuration file within a short period of time.
To shut down a user's smbd process it is recommended that SIGKILL (-9) NOT be used, except as a last resort, as this may leave the shared memory area in an inconsistent state. The safe way to terminate an smbd is to send it a SIGTERM (-15) signal and wait for it to die on its own.
The debug log level of smbd may be raised or lowered using smbcontrol(1) program (SIGUSR[1|2] signals are no longer used since Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.
Note that as the signal handlers send a debug write, they are not re-entrant in smbd. This you should wait untilsmbd is in a state of waiting for an incoming SMB before issuing them. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking them after, however this would affect performance.
SEE ALSO
hosts_access(5), inetd(8), nmbd(8), smb.conf(5), smbclient(1), testparm(1), testprns(1), and the Internet RFC'srfc1001.txt, rfc1002.txt. In addition the CIFS (formerly SMB) specification is available as a link from the Web page http://samba.org/cifs/.