Deploying an enterprise-level Samba file server on CentOS 6.5
1. Lab requirements:
1) Install the Samba service from the RPM package.
2) Implement anonymous access and verify that files and directories can be read and written.
3) Implement access by a specified user.
4) Implement access by specified users and grant them different permissions.
5) Access the share through a user alias and test the permissions.
6) Restrict access from specific addresses.
7) Access shared resources on Windows.
2. Lab environment:
Linux server: Red Hat Enterprise Linux 6.5, IP: 192.168.10.3
Windows client: Windows 7 Ultimate x64, IP: 192.168.10.2
Samba software version: samba-3.6.9
3. Tutorial steps:
Basic installation operations
A. Mount the system disc and install Samba
To install the Samba service, install its RPM package. The RPM packages are generally stored in the Packages directory on the system disc. First, run the mount command to check whether the disc is mounted.
If the disc is not mounted, manually mount it on the system's /mnt directory.
Check that the disc has been mounted.
Find the Samba service package in the Packages directory and install it.
B. View the Samba configuration files
After Samba is installed, the configuration file has to be modified before the server works as required.
You can use rpm -qc to list the configuration files that an installed package provides.
The smb.conf configuration file is not displayed, but from experience configuration files are placed under the /etc directory. Look in the /etc/samba/ directory to find the main configuration file, smb.conf.
[root@localhost ~]# more /etc/samba/smb.conf
Viewing the file shows that it is very long and contains many # comments.
For convenience, filter out all lines that contain # and save the result as another file, smb.con:
[root@localhost ~]# grep -v "#" /etc/samba/smb.conf > /etc/samba/smb.con
Check that the smb.con file now exists. It is recommended not to delete the original .conf configuration file; rename it to keep it as a backup in case of future configuration errors.
[root@localhost ~]# cd /etc/samba # switch to the samba directory
[root@localhost samba]# mv smb.conf smb.conf.back # back up the original conf file
[root@localhost samba]# mv smb.con smb.conf # rename smb.con to smb.conf
Implement anonymous access to verify that files and directories can be read and written.
[root@localhost samba]# vi smb.conf # open the main configuration file
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
log file = /var/log/samba/log.%m
max log size = 50
security = share
passdb backend = tdbsam
The above is the content of the [global] section; the other settings can keep their defaults. The point of interest is that, to implement anonymous access, you only need to change the security level to share (the default is user).
Configure the shared directory by inserting the following lines at the end of the configuration file:
# Share name of the directory
[share]
# Path of the shared directory
path = /opt/share
# public is the same as guest ok; yes allows anonymous users to access the share
public = yes
# Allow anonymous users to view the shared content
browseable = yes
# Grant write permission
writable = yes
# Permission for newly created files: the owner can read and write, other users can only read (rw-r--r--)
create mask = 0644
# Permission for newly created directories: the owner can read and write, others have no write permission (rwxr-xr-x)
directory mask = 0755
A. The modified script:
[root@localhost samba]# mkdir /opt/share # create the shared directory
[root@localhost samba]# chmod 777 /opt/share # change the permission to 777
[root@localhost samba]# service smb start # start the samba service
[root@localhost samba]# netstat -ant # view the network port status
Samba is listening on ports 139 and 445, so the service is running normally and can be tested from the client. The firewall and SELinux must be disabled before testing.
[root@localhost samba]# service iptables stop
Iptables: Set the chain to policy ACCEPT: filter [OK]
Iptables: clear firewall rules: [OK]
Iptables: uninstalling module: [OK]
[root@localhost samba]# setenforce 0
B. Effect verification:
On the client, test whether the server can be pinged.
Enter \\192.168.10.3 in the search box of the Start menu to view the shared folder named share.
Go into the folder and create a new file and a new folder. You can write any content to the file and create a new file inside the folder. The behaviour matches the settings in the configuration file, so anonymous access is successful.
Go back to the server and check the files that the anonymous user created in the shared folder. The owner and group are both nobody, the permission of the new files is 644, and the permission of the new folders is 755.
nobody is a system account; anything created through anonymous access is shown as owned by nobody.
Implement access for a specified user
Because access is now performed by a specified user, you only need to change security in the [global] section.
Set the security level to user, which is the default:
security = user
The following configuration applies to a specific shared directory. Insert the following lines at the end of the configuration file to create a share for the test directory that users cannot access anonymously.
# Share name of the directory
[test]
# Path of the shared test directory
path = /opt/test
# Allow the shared content to be viewed
browseable = yes
# Grant write permission
writable = yes
# Permission for newly created files: the owner can read and write, other users can only read (rw-r--r--)
create mask = 0644
# Permission for newly created folders: the owner can read and write, others have no write permission (rwxr-xr-x)
directory mask = 0755
System users can also access the shared directory, but we want to use Samba's own accounts for access. Create two new accounts and do not set system passwords for them; that way they can be used as Samba users but cannot log on to the system.
[root@localhost samba]# useradd jery # create the accounts jery and jene
[root@localhost samba]# useradd jene
[root@localhost samba]# smbpasswd -a jery # add the account as a samba user and set its password
New SMB password:
Retype new SMB password:
Added user jery.
[root@localhost samba]# smbpasswd -a jene
New SMB password:
Retype new SMB password:
Added user jene.
[root@localhost samba]#
[root@localhost samba]# pdbedit -L # view the information of the newly created samba accounts
jery:500:
jene:501:
[root@localhost samba]# mkdir /opt/test # create the shared directory test
[root@localhost samba]# chmod 777 /opt/test # change the permission to 777
[root@localhost samba]# service smb restart # restart the samba service. reload can also be used here, but reload does not completely disconnect the clients when the configuration is reloaded, so restart is used for testing.
Disable the SMB service: [OK]
Start the SMB service: [OK]
A. Modified script
B. Effect verification
Before testing, clear the previous connection on the client. Otherwise, the shared directory is opened directly because the earlier connection is cached.
Enter \\192.168.10.3\test in the search box of the Start menu. In the dialog box that appears, enter the jery account and password.
The user jery can log on and perform read and write operations in the shared directory test.
Create a file named jery in the shared directory, then return to the server and view the permissions of this file. The file's owner is shown as jery.
Implement access by specified users and grant them different permissions
To test different permissions for the accessing users, add the following two lines to the [test] configuration:
# Allow these two users to access the share
valid users = jery, jene
# Only the user jene can write
write list = jene
A. Modified script
B. Effect verification
[root@localhost samba]# service smb restart # restart the service
Disable the SMB service: [OK]
Start the SMB service: [OK]
On the client, run net use * /d to clear the connection.
Log on as jery this time and test writing a file.
We explicitly configured that only jene can write, so why can jery still write files? Go back to the server and check the configuration file.
The [test] section still contains writable = yes, which makes the share writable for every valid user, so write list has no effect. To make the configuration take effect, you must delete the writable = yes line.
[root@localhost samba]# service smb restart # restart the service
Disable the SMB service: [OK]
Start the SMB service: [OK]
Clear the connection (net use * /d) and log in as jery again; creating a file is now rejected.
Return to the server and write a line of content to a test file:
[root@localhost samba]# echo "this is test" > /opt/test/test.txt
On the client, opening the file named test and adding a line of content to it is also rejected.
Log out of jery, clear the connection, and log in as jene. jene can write files and folders.
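The conflict found above, where writable = yes leaves write list without effect, can be caught before the service is restarted. The following Python check is an added example, not part of the original tutorial: the sample configuration is constructed from this page's [share] and [test] sections, the function names (load, share_writable, audit) are hypothetical, and it assumes each share sets at most one of the writable / read only synonyms.

```python
import configparser

# Constructed sample: this page's [share] plus the first [test] attempt.
SAMPLE = """\
[global]
security = share
[share]
path = /opt/share
public = yes
writable = yes
[test]
path = /opt/test
writable = yes
valid users = jery, jene
write list = jene
"""
TRUE = {"yes", "true", "1"}

def load(text):
    cp = configparser.RawConfigParser(comment_prefixes=("#", ";"), strict=False)
    # Samba ignores case and whitespace inside parameter names.
    cp.optionxform = lambda key: "".join(key.lower().split())
    # Strip indentation so configparser does not treat it as a continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def share_writable(opts):
    # writable / writeable / write ok are inverted synonyms of read only.
    for key in ("writable", "writeable", "writeok"):
        if key in opts:
            return opts[key].lower() in TRUE
    return opts.get("readonly", "yes").lower() not in TRUE

def audit(text):
    cp, findings = load(text), []
    if cp.get("global", "security", fallback="user").lower() == "share":
        findings.append(("global", "security = share: share-level security in use"))
    for name in cp.sections():
        if name.lower() == "global":
            continue
        opts = dict(cp.items(name))
        guest = any(opts.get(k, "no").lower() in TRUE for k in ("public", "guestok"))
        if share_writable(opts) and "writelist" in opts:
            findings.append((name, "write list has no effect: every valid user can write"))
        if share_writable(opts) and guest:
            findings.append((name, "anonymous users can write to this share"))
    return findings

print(*audit(SAMPLE), sep="\n")
```

Once writable = yes is removed from [test], the finding for that section disappears while the [global] and [share] findings remain.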
Access through a user alias and test the permissions
The /etc/samba directory contains a file named smbusers, which is used to set aliases.
[root@localhost samba]# vi smbusers
Open this file and add the line jene = t01 t02 t03 at the end. This gives jene three aliases: all three usernames are mapped to jene, the password remains unchanged, and the account that actually logs in is still jene.
Add username map = /etc/samba/smbusers to [global] in the main configuration file so that usernames are resolved through the mappings set in the smbusers file.
A. Modified script
B. Effect verification
[root@localhost samba]# service smb restart # restart the service
Disable the SMB service: [OK]
Start the SMB service: [OK]
On the client, clear the connection (net use * /d).
Log on to \\192.168.10.3 with the t01 account.
A shared folder named jene now appears because the configuration includes the [homes] home directory section: whoever logs in gets their own home directory shared. Because t01 is mapped to the jene account, jene's home directory is shared, just as when logging on as jene. You can perform any operation in the shared home directory.
Create a new file named iamt01 in the test folder, then return to the server and check the properties of this file. The owner and group are jene, which proves that the login is really as jene. The same is true when logging on as t02 and t03, so I will not perform more tests here.
Restrict specific access addresses
To deny access, you only need to add one line to the [test] section of the main configuration file:
hosts deny = 192.168.10. 10.0.0.
Here 192.168.10. denotes the 192.168.10.0 network, so hosts in that range cannot access the share. In this case, the two address ranges 192.168.10.0 and 10.0.0.0 are denied.
A. Modified script
B. Effect verification
[root@localhost samba]# service smb restart # restart the service
Disable the SMB service: [OK]
Start the SMB service: [OK]
On the client, clear the connection (net use * /d).
This time, the t02 account is used. The other shared folders can be accessed, but the client's IP address is 192.168.10.2, which lies in a network segment denied for the test share, so opening the test folder is denied.
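How the trailing-dot entries of hosts deny are matched, as an added Python example that is not part of the original tutorial. It models only IP entries (trailing-dot prefix, single address, network/mask) and the documented rule that hosts allow takes precedence over hosts deny; host names, EXCEPT and the loopback special case are left out, the function names are hypothetical, and the client addresses are constructed.

```python
import ipaddress
import re

def parse_hosts(value):
    """Split a hosts allow / hosts deny value on commas and whitespace."""
    return [e for e in re.split(r"[,\s]+", value.strip()) if e]

def entry_matches(entry, client_ip):
    if entry.upper() == "ALL":
        return True
    if entry.endswith("."):
        # Trailing-dot form used on this page: a string-prefix match.
        return client_ip.startswith(entry)
    if "/" in entry:
        # network/prefix-length or network/netmask form
        net = ipaddress.ip_network(entry, strict=False)
        return ipaddress.ip_address(client_ip) in net
    return entry == client_ip

def allowed(client_ip, hosts_allow="", hosts_deny=""):
    allow, deny = parse_hosts(hosts_allow), parse_hosts(hosts_deny)
    in_allow = any(entry_matches(e, client_ip) for e in allow)
    in_deny = any(entry_matches(e, client_ip) for e in deny)
    if allow and not deny:
        return in_allow              # only listed hosts may connect
    return in_allow or not in_deny   # a hosts allow match wins over hosts deny

DENY = "192.168.10. 10.0.0."  # value from this page's [test] share
# Constructed client addresses
for ip in ("192.168.10.2", "192.168.1.20", "192.168.100.7", "10.0.0.9", "10.0.1.9"):
    print(ip, "allowed" if allowed(ip, hosts_deny=DENY) else "denied")
```

The prefix 192.168.10. covers 192.168.10.2 but not 192.168.1.20 or 192.168.100.7, and an entry in hosts allow for a single client overrides the deny for that client only.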
Access shared resources on Windows
We shared a folder named LAMP on the client (Windows 7).
[root@localhost samba]# smbclient -L 192.168.10.2 # list the shared resources on the client
[root@localhost samba]# mount.cifs //192.168.10.2/LAMP /tmp/ # to access the LAMP folder, mount LAMP on the server's /tmp directory
[root@localhost ~]# df -hT # check the mount status; the share has been mounted
View the content of the mounted /tmp directory. All the files in LAMP are tar packages.
[root@localhost samba]# cp /tmp/apr-1.4.6.tar.gz ~ # copy a compressed file to root's home directory (written as /root or simply ~)
[root@localhost samba]# umount /tmp # unmount LAMP from the /tmp directory
After /tmp is unmounted, the files and directories that were originally in /tmp are displayed again.
4. Experiment summary:
1) The Samba service implements Microsoft's SMB/CIFS network protocol on Linux. When Windows and Linux platforms are deployed together in an enterprise environment, it effectively solves the problem of file access between the different systems, making file sharing easy and powerful.
2) The Samba service provides several practical share access permissions, as well as access control for clients. When modifying the configuration file, be sure to check whether any permission settings conflict or are missing, and run additional permission tests.