Samba configuration for RHCE special learning

I. Why is samba used? The reason is that Samba is the first to build a bridge between Linux and Windows. The emergence of Samba allows us to communicate with each other between Linux and Windows, for example, copying files and sharing resources among different operating systems, we can build a file server with very powerful functions, it can also be set up as a printing server to provide local and remote online printing, or even we can use sambaServer to completely replace

I. Why samba:

The reason is that Samba is the first to build a bridge between the Linux and Windows platforms. The emergence of Samba allows us to communicate with each other between the Linux and Windows systems, for example, copying files and sharing resources among different operating systems, we can build a file server with very powerful functions, it can also be set up as a printing Server to provide local and remote online printing. Even we can use samba Server to completely replace the domain controller in windows for domain management, which is very convenient to use.

2. Samba application environment
(1) file and printer sharing: file and printer sharing is the main function of Samba. the SMB process shares resources and publishes files and printers to the network for users to access.
(2) authentication and permission settings: the smbd service supports authentication and permission setting modes such as user mode and domain mode to protect shared files and printers through encryption.
(3) Name resolution: Samba can build an NBNS (NetBIOS Name Service) server through the nmbd Service, provide Name resolution, and resolve the NetBIOS Name of the computer to an IP address.
(4) browsing service: in the LAN, the Samba server can be the local host browsing server (LMB) to save the list of available resources. When a client accesses a Windows network neighbor, the browser list is provided, displays shared directories, printers, and other resources.

Iii. How samba works:

The Samba service is powerful. SMB not only provides directory and printer sharing, but also supports authentication and permission settings. In the early stages, SMB was running on the NBT protocol (NetBIOS over TCP/IP), using UDP 137, 138, and TCP 139 ports. Later SMB was developed, it can run directly on the TCP/IP protocol without any additional NBT layer and uses port 445 of the TCP protocol.

Samba workflow:
--------- (1) ---------> ---------- (2) ----> smb. conf main configuration file
[Client] [Samba server]
-------- (4) ----------> ---------- (3) --------> Log File

(1) The client requests access to the Share directory on the Samba server.
(2) After receiving the request, the Samba server queries the main configuration file smb. conf to check whether the Share directory is shared. If this directory is shared, it checks whether the client has access permissions.
(3) the Samba server records the access information in the log file. The name and path of the log file must be set.
(4) If the client meets the access permission settings, allow the client to access

4. samba Configuration

(1): Main configuration file:/etc/samba/smb. conf

The configuration file contains 288 rows. There are three parts:

1. Introduction to samba configuration, mainly explaining the functions implemented by samba

2: selinux configuration: linux settings

You can set selinux according to your needs:

3. Global Settings: Global Settings

(1) workgroup = WORKGROUP # workgroup name
# Server string = Samba Server Version % v # Description field
Interfaces = lo0 eth0 eth1 # Listening on those interfaces, which can be configured as ip addresses, network segments, interfaces, and other formats
Hosts allow = 127. 192.168.12. 192.168.13. # Access Control

(2) five security level modes:

Share Security Level Mode
The client can log on to the samba server without entering the user name and password to browse the resources of the samba server. www.linuxidc.com is applicable to public shared resources and has poor security. Therefore, you must use other permission settings, this ensures the security of samba servers.
User security mode
When a client logs on to the samba server, it must submit a valid account and password to access the shared resources only after being verified by the server. The server is in this mode by default.
Server Security Level Mode
The client needs to submit the user name and password to a specified samba server for verification. If an error occurs during verification, the client will use user-level access.
Domain Security Level Mode
If the samba server is added to the windows domain environment, the authentication overalls will be handled by the windows domain controller. The domain-level samba server is only a member client of the domain and does not have the server features, early versions of samba use this level to log on to windows Domain drops.
Ads Security Level Model
When the samba server is added to the windows domain environment with the ads security level, it has all the functions in the domain security level mode and can have the functions of the domain controller.

4. shared directory settings: user shared directory settings

[Test100] --- set the sharing name and name it at will
Path =/test100 set the path to be shared
Public = no prohibit anonymous access, if allowed, set yes
Readonly = no can be read and written, if read-only is yes
Wirtable = yes: whether write operations are allowed. no is allowed.
Wirte list = RedHat3001 redhat3002 redhat3003 Writable User list
Browsable = yes whether browsing is allowed

Set Anonymous Access
Public = yes # Allow Anonymous Access
Public = no # prohibit Anonymous Access
Set access user
Valid users = User Name
Valid users = @ group name

Set Directory read-only
Readonly = yes # Read-Only
Readonly = no # read/write
Set Directory Writable
Writable = yes # read/write
Writable = no # Read-Only
Write list format:
Write list = User Name
Write list = @ group name

For more configurations, see the options in the smb. conf file.