Recently, a shared server in the company failed. It had been running as a file-sharing server on Windows Server 2003, so we decided to rebuild it on CentOS 6.5 with Samba.
1. Install Samba
1. Use yum for installation. The dependent packages samba-common, samba-winbind-clients, and libsmbclient will be installed automatically.
# yum install samba samba-client -y
2. Samba commands
Use /etc/init.d/smb start|stop|restart|status to start, stop, restart, and view the status of the Samba service.
3. Enable start at boot
# chkconfig --level 35 smb on
2. Configure Samba
The main configuration file of Samba is /etc/samba/smb.conf.
The configuration file consists of two parts:
Global Settings (global parameters)
These settings relate to the overall running environment of the Samba service and apply to all shared resources.
Share Definitions (share parameters)
These settings are specific to a shared directory and apply only to that shared resource.
Global settings:
---------------------------------------- [global] ------------------------------------
config file = /usr/local/samba/lib/smb.conf.%m
config file lets you use another configuration file that overrides the default one. If the file does not exist, the option has no effect. This parameter makes Samba configuration more flexible: one Samba server can behave like several servers with different configurations. For example, to make PC1 (host name) use its own configuration when it accesses the Samba server, create a file named smb.conf.pc1 for PC1 under /etc/samba/host/, and then add config file = /etc/samba/host/smb.conf.%m to smb.conf. When PC1 requests a connection to the Samba server, smb.conf.%m is replaced with smb.conf.pc1. For PC1, the Samba service is then defined by smb.conf.pc1, while other machines still access the Samba server through smb.conf.
workgroup = WORKGROUP
Sets the workgroup or domain that the Samba server joins.
server string = Samba Server Version %v
Sets the Samba server comment. It can be any string or be left unset. The macro %v expands to the Samba version.
netbios name = smbserver
Sets the NetBIOS name of the Samba server. If this parameter is not specified, the first part of the server's DNS name is used by default. Do not set netbios name and workgroup to the same value.
interfaces = lo eth0 192.168.0.1/24 192.168.1.1/24
Sets which NICs the Samba server listens on. You can give the NIC name or the IP address of the NIC.
hosts allow = 192.168.0.1 192.168.1.1
Specifies the clients that are allowed to connect to the Samba server. Multiple values are separated by spaces. A value can be an IP address or a network block. hosts deny is the opposite of hosts allow.
Example: hosts allow = 192.168.0. EXCEPT 192.168.0.10
Allows connections from hosts in 192.168.0.*, but excludes 192.168.0.10.
hosts allow = 192.168.0.0/255.255.255.0
Allows connections from all hosts in the 192.168.0.0/255.255.255.0 subnet.
hosts allow = M1, M2
Allows connections from the computers M1 and M2.
hosts allow = @test
Allows all computers from the test domain to connect.
max connections = 0
max connections specifies the maximum number of connections to the Samba server. Once this number is exceeded, new connection requests are rejected. 0 means no restriction.
deadtime = 0
deadtime sets the time after which a connection that has no open files is disconnected. The unit is minutes. 0 means the Samba server never disconnects a connection automatically.
time server = yes/no
time server sets whether nmbd acts as a time server for Windows clients.
log file = /var/log/samba/log.%m
Sets the location and name of the Samba server log file. Adding the macro %m (host name) after the file name records a separate log file for each machine that accesses the Samba server. If pc1 and pc2 have accessed the Samba server, log.pc1 and log.pc2 are left in the /var/log/samba directory.
max log size = 50
Sets the maximum size of Samba server log files, in KB. 0 means no limit.
security = user
Sets the authentication method for users accessing the Samba server. There are four authentication methods.
1. share: users do not need to provide a user name and password to access the Samba server. Security is low.
2. user: the Samba server's shared directories can be accessed only by authorized users. The Samba server itself checks accounts and passwords, and the accounts and passwords must be created on this Samba server.
3. server: relies on another Windows NT/2000 or Samba server to verify the user's account and password. It is a form of proxy authentication. In this mode, the system administrator can keep all Windows users and passwords on one NT system and use Windows NT for Samba authentication. The remote server authenticates all users and passwords; if authentication fails, Samba falls back to user-level security.
4. domain: domain security level. The primary domain controller (PDC) performs authentication.
passdb backend = tdbsam
passdb backend specifies the user account backend. There are currently three backend types: smbpasswd, tdbsam, and ldapsam.
1. smbpasswd: this method uses the Samba tool smbpasswd to set a Samba password for system users (real or virtual). Clients use this password to access Samba resources. The smbpasswd file is in the /etc/samba directory by default, but you sometimes need to create it manually.
2. tdbsam: this method uses a database file as the user database. The file is called passdb.tdb and is in the /etc/samba directory by default. With passdb.tdb you can create Samba users with smbpasswd -a, but a Samba user must first exist as a system user. You can also use the pdbedit command to create Samba accounts. pdbedit has many parameters; the main ones are:
pdbedit -a username: create a Samba account.
pdbedit -x username: delete the Samba account.
pdbedit -L: list Samba users, read from the passdb.tdb database file.
pdbedit -Lv: list detailed information about the Samba users.
pdbedit -c "[D]" -u username: suspend this Samba user's account.
pdbedit -c "[]" -u username: restore this Samba user's account.
3. ldapsam: users are authenticated through LDAP-based account management. First set up the LDAP service, and then set "passdb backend = ldapsam:ldap://LDAP Server".
encrypt passwords = yes/no
Whether to encrypt the authentication password. This option is usually enabled because Windows uses encrypted passwords. It is enabled by default in the configuration file.
smb passwd file = /etc/samba/smbpasswd
Defines the password file for Samba users. If the smbpasswd file does not exist, you need to create it manually.
username map = /etc/samba/smbusers
Defines user name mapping. For example, you can map administrator and admin to root, but the mapping must be defined in the smbusers file in advance, for example: root = administrator admin. You can then log on to the Samba server as administrator or admin instead of root, which is more familiar to Windows users.
guest account = nobody
Sets the guest user name.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Socket options for the session between the server and the client, used to optimize transmission speed.
domain master = yes/no
Sets whether the Samba server acts as the domain master browser. The domain master browser can manage browsing across subnets.
local master = yes/no
local master specifies whether the Samba server tries to become the local master browser of its domain. If it is set to no, the server never becomes the local master browser. Setting it to yes does not guarantee that the Samba server becomes the master browser; it still has to take part in the election.
preferred master = yes/no
preferred master makes the Samba server force a master browser election when it starts, which improves its chance of becoming the local master browser. If this parameter is set to yes, it is best to set domain master to yes as well. Note that if the Samba server's subnet contains other machines (whether Windows NT or other Samba servers), these machines will broadcast on the network to contend for the master browser role, affecting network performance.
If several Samba servers exist in the same area, set the preceding three parameters on only one of them.
os level = 200
Sets the OS level of the Samba server. This parameter determines whether the Samba server has a chance of becoming the local master browser. The OS level ranges from 0 to 255. The OS level of Windows NT is 32, that of Windows 95/98 is 1, and that of Windows 2000 is 64. If it is set to 0, the Samba server will lose the browser election. If you want the Samba server to be a PDC, set its OS level to a larger value.
domain logons = yes/no
Sets whether the Samba server acts as a domain controller for the local domain. This option must be enabled on both the primary domain controller and backup domain controllers.
logon script = %u.bat
When a user logs on from a Windows client, Samba provides a logon script. If it is set to %u.bat, a separate logon script must be provided for each user, which is troublesome when there are many users. You can instead set a fixed file name, such as start.bat; every user then runs start.bat after logging on, and no per-user script is needed. The file must be placed in the directory given by path in the [netlogon] share.
wins support = yes/no
Sets whether the Samba server provides the WINS service.
wins server = IP address of the WINS server
Sets whether the Samba server uses another WINS server for the WINS service.
wins proxy = yes/no
Sets whether the Samba server enables the WINS proxy service.
dns proxy = yes/no
Sets whether the DNS proxy service is enabled on the Samba server.
load printers = yes/no
Sets whether printers are shared when Samba starts.
printcap name = cups
Sets the configuration file for shared printers.
printing = cups
Sets the Samba shared printer type. The supported printing systems include bsd, sysv, plp, lprng, aix, hpux, and qnx.
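How the hosts allow forms listed in the global settings above are evaluated, as an added Python example (not from the original article, and a simplified model rather than Samba's own code): address prefixes, network/netmask pairs, EXCEPT, and the interaction with hosts deny. Host names and netgroups (M1, @test) need name lookups and are treated as non-matching here; the function names are this example's own.

```python
import ipaddress

def token_matches(token, client_ip):
    """Match one hosts allow / hosts deny token against an IPv4 address string.
    Host names (M1) and netgroups (@test) are not resolved and never match."""
    if token.upper() == "ALL":
        return True
    if token.endswith("."):            # "192.168.0." is an address prefix
        return client_ip.startswith(token)
    if "/" in token:                   # network/netmask or network/prefix length
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            return False
        return ipaddress.ip_address(client_ip) in net
    return token == client_ip          # single address

def list_match(tokens, client_ip):
    """True if a token before EXCEPT matches and no token after EXCEPT does."""
    upper = [t.upper() for t in tokens]
    cut = upper.index("EXCEPT") if "EXCEPT" in upper else len(tokens)
    if not any(token_matches(t, client_ip) for t in tokens[:cut]):
        return False
    return not any(token_matches(t, client_ip) for t in tokens[cut + 1:])

def allow_access(client_ip, hosts_allow="", hosts_deny=""):
    """Decide whether client_ip may connect, given the two parameter values."""
    allow = hosts_allow.replace(",", " ").split()
    deny = hosts_deny.replace(",", " ").split()
    on_allow = bool(allow) and list_match(allow, client_ip)
    on_deny = bool(deny) and list_match(deny, client_ip)
    if client_ip == "127.0.0.1":       # loopback passes unless specifically denied
        return not (on_deny and not on_allow)
    if not allow and not deny:         # no lists at all: everyone may connect
        return True
    if not deny:                       # allow list only: it is exhaustive
        return on_allow
    if not allow:                      # deny list only: everyone else passes
        return not on_deny
    return on_allow or not on_deny     # both: allow wins, unlisted hosts pass

if __name__ == "__main__":
    rule = "192.168.0. EXCEPT 192.168.0.10"    # the example from the text
    for ip in ("192.168.0.20", "192.168.0.10", "192.168.1.5", "127.0.0.1"):
        print(ip, "allowed" if allow_access(ip, rule) else "refused")
```

When both lists are set, a client that appears on neither is still allowed, so a default-deny setup needs hosts deny = ALL alongside the hosts allow list.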
Share parameters:
------------------------------------- Share Definitions --------------------------------
[share name]
comment = any string
comment is the description of the share and can be any string.
path = shared directory path
path specifies the path of the shared directory. You can use macros such as %u and %m in the path; they are replaced with the UNIX user name and the client's NetBIOS name respectively. They are mainly used for the [homes] share. For example, if you do not want to use the [homes] section as each user's share but instead create a directory for each Linux user under /home/share as that user's share, the path can be written as path = /home/share/%u. When a user connects to the share, %u in the path is replaced with the user name. Note that the directory for that user name must exist; otherwise the client cannot find the network path on access. Similarly, if you divide directories by client rather than by user, create a directory named after the NetBIOS name of each machine that may access Samba, to serve as that machine's share, and write: path = /home/share/%m.
browseable = yes/no
browseable specifies whether the share can be browsed.
writable = yes/no
writable specifies whether the shared path is writable.
available = yes/no
available specifies whether the shared resource is available.
admin users = administrators of the share
admin users specifies the administrators of the share (with full control over the share). In Samba 3.0, this item has no effect if the user authentication method is set to "security = share".
For example, admin users = david, sandy (multiple users are separated by commas).
valid users = users allowed to access the share
valid users specifies the users allowed to access the shared resource.
For example, valid users = david, @dave, @tech (multiple users or groups are separated by commas; to name a group, use "@group name").
invalid users = users forbidden to access the share
invalid users specifies the users that are not allowed to access the shared resource.
For example, invalid users = root, @bob (multiple users or groups are separated by commas).
write list = users allowed to write to this share
write list specifies the users who can write files under the share.
Example: write list = david, @dave
public = yes/no
public specifies whether the share allows access by the guest account.
guest ok = yes/no
The same as "public".
After Samba is configured, you can use the testparm command to test whether the smb.conf configuration is correct. Use testparm -v to list the configuration parameters supported by smb.conf.
3. Linux client access
1. View the shares offered by the Samba server
# smbclient -L //<Samba server IP address> -U <Samba user name>
"-L" means list, and "-U" specifies the user. If the Samba server can be accessed without a password, you can omit "-U <Samba user name>".
2. Log on to the Samba server
# smbclient //<Samba server IP address>/<share name> -U <Samba user name>
After logging on, enter ? to view all available commands.
3. Mount a directory
Files shared by the Samba server can also be mounted on the Linux client.
# mount -t cifs -l //<Samba server IP address>/public /mnt/samba/
Tips:
In Windows, when you access another machine's file resources through "\\IP address", you usually enter the password only the first time; afterwards you are logged on directly without being asked again. So how do you switch to another Samba user? Run the following in Windows:
Run "net use" on the cmd command line to view the existing connections.
Run "net use \\<Samba server IP address or NetBIOS name>\ipc$ /del" to delete the connection already established to the Samba server, or run "net use * /del" to delete all connections.
Finally, open "\\IP address" again and you can log on as a different user.
Case 1:
The company has a workgroup named WORKGROUP. Add the Samba server as a file server and publish the shared directory /share under the share name share, accessible to all employees.
1. Modify the configuration file
# ----------------------------- Global Settings --------------------------------
# This section relates to the overall runtime environment of the Samba service; its settings apply to all shared resources.
[global]
# ----------------------- Network Related Options -------------------------
# The workgroup, as in Windows.
workgroup = WORKGROUP
# A brief description of the Samba server.
server string = David Samba Server Version %v
# --------------------------- Logging Options -----------------------------
# Log file for Samba clients; %m is the client host name, so the Samba server
# creates a separate log file for each connecting host in this directory.
log file = /var/log/samba/log.%m
# ----------------------- Standalone Server Options ------------------------
# Share level: access without an account or password.
security = share
# ---------------------------- Share Definitions ----------------------------------
# This section is specific to the shared directory and applies only to this share.
[share]
# Description of the shared directory; you can choose the text yourself.
comment = Public Stuff
# The shared directory (required).
path = /share
# Available to all users; equivalent to guest ok = yes.
public = yes
2. Create the shared directory
# mkdir /share    # the share above points to /share, so this directory must be created
# chown -R nobody:nobody /share    # give /share to nobody, because anonymous users need to download or upload shared files
3. Restart the smb service
# /etc/init.d/smb restart
Case 2:
The company has multiple departments. The TS department's data is stored in the /ts directory of the Samba server for centralized management and for TS staff to browse; the directory is accessible only to TS employees.
1. Add the TS department group and users
# groupadd ts
# useradd -g ts aaa
# useradd -g ts bbb
2. Create a ts folder under the root directory
# mkdir /ts
3. Add the users as Samba accounts
# smbpasswd -a aaa
# smbpasswd -a bbb
You are asked for a password when adding each account. This is the password used to log on to the shared server.
4. Modify the configuration file
# ---------------------------- Global Settings --------------------------------
[global]
# ----------------------- Network Related Options -------------------------
workgroup = WORKGROUP
server string = David Samba Server Version %v
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/log.%m
# ----------------------- Standalone Server Options ------------------------
# User level: the Samba server providing the service checks the account and password.
security = user
# ---------------------------- Share Definitions -------------------------------
# The users' home directories.
[homes]
comment = Home Directories
browseable = no
writable = yes
[share]
comment = Public Stuff
path = /share
public = yes
# The ts group directory, accessible only to members of the ts group.
[ts]
comment = TS
path = /ts
valid users = @ts
5. Restart the service
# /etc/init.d/smb restart
Case 3:
Different users have different permissions on the same shared directory, for ease of management and maintenance.
A. Requirements
1. A company has five major departments: Personnel Administration Department, Finance Department, technical support department, project department, and customer service department.
2. Each department's folder is accessible only to employees of that department. Files exchanged between departments are placed in public folders.
3. Each department has an administrator account for managing the department's folders and an account that can only create and view files.
4. Public folders are divided into a folder for storing tools and folders for storing files shared by the departments.
5. Department administrators have full control over their own department's folder. Common users of the department can create new files and folders in it and have full control over the files and folders they created themselves; files and folders created or uploaded by the administrator can only be accessed, not changed or deleted. Users who are not in the department cannot access its folder.
6. Each department administrator has full control over the department's shared folder under the public folders. Common users of the department can create new files and folders in that shared folder and have full control over the files and folders they created themselves; files and folders created or uploaded by the administrator can only be accessed, not changed or deleted. When users of a department (administrators and common users alike) access another department's shared folder, they can only view it; they cannot create, modify, or delete anything. Only the administrator has permission to manage the tools folder; other users can only access it.
B. Planning
1. Create a Company partition on the system, containing the folders HR, FM, TS, PRO, CS, and Share. Under Share there are the folders HR, FM, TS, PRO, CS, and Tools.
2. The folder for each department is managed by that department, and the Tools folder is maintained by the administrator.
3. HR administrator account: hradmin; common user account: user1.
FM administrator account: fmadmin; common user account: user2.
TS administrator account: tsadmin; common user account: user3.
PRO administrator account: proadmin; common user account: user4.
CS administrator account: csadmin; common user account: user5.
Tools administrator account: admin.
4. Create users
# useradd -s /sbin/nologin hradmin
# useradd -g hradmin -s /sbin/nologin user1
# smbpasswd -a hradmin
5. Create the directories
# mkdir /Company
# cd /Company
# mkdir HR FM TS PRO CS Share
# cd Share
# mkdir HR FM TS PRO CS Tools
6. Change the directory properties
# chown hradmin:hradmin /Company/HR
# chmod 777 /Company
7. Modify the configuration file
# --------------------------- Global Settings ---------------------------------
[global]
# ----------------------- Network Related Options -------------------------
workgroup = WORKGROUP
server string = David Samba Server Version %v
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/log.%m
max log size = 50
# ----------------------- Standalone Server Options ------------------------
security = user
passdb backend = tdbsam
# --------------------------- Share Definitions --------------------------------
# For the other departments, adapt the HR section.
[HR]
comment = This is a directory of HR.
path = /Company/HR/
public = no
admin users = hradmin
valid users = @hradmin
writable = yes
create mask = 0750
directory mask = 0750
[Share]
comment = This is a share directory.
path = /Company/Share/
public = no
valid users = admin, @hradmin, @fmadmin, @tsadmin, @proadmin, @csadmin
writable = yes
create mask = 0755
directory mask = 0755
8. Restart the service.
# /etc/init.d/smb restart
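A check of the share definitions from Case 1 and Case 3, as an added Python example (not part of the original article or of Samba): it parses smb.conf text and reports the access-control settings discussed above. It relies on smb.conf having no trailing-comment syntax and on admin users performing file operations as root, both as documented in smb.conf(5); the function names and finding texts are this example's own.

```python
import re

SYNONYMS = {"public": "guestok", "writeable": "writable", "writeok": "writable"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lower-cased, spaces removed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # only whole-line comments exist
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            key = re.sub(r"\s+", "", name).lower()
            conf[section][SYNONYMS.get(key, key)] = value.strip()
    return conf

def is_yes(params, key):
    return params.get(key, "no").lower() in ("yes", "true", "1")

def audit(text):
    """Return [(section, finding)] for the access-control settings in the text."""
    findings = []
    for name, params in parse_smb_conf(text).items():
        for key, value in params.items():
            if " //" in value or " #" in value:
                findings.append((name, key + ": trailing comment is read as part of the value"))
        if name == "global":
            if params.get("security", "user").lower() == "share":
                findings.append(("global", "security = share: no account or password needed"))
            continue
        if is_yes(params, "guestok"):
            rw = " and writable" if is_yes(params, "writable") else ""
            findings.append((name, "guest access allowed" + rw))
        elif "validusers" not in params and name != "homes":
            findings.append((name, "no valid users: every authenticated user may connect"))
        if "adminusers" in params:
            findings.append((name, "admin users act as root: " + params["adminusers"]))
    return findings

# Constructed input: the access-control lines of Case 1 and Case 3 above.
CASE1 = """
[global]
security = share
[share]
path = /share
public = yes
"""
CASE3 = """
[global]
security = user
[HR]
admin users = hradmin
valid users = @hradmin
writable = yes
"""

if __name__ == "__main__":
    for section, finding in audit(CASE1) + audit(CASE3):
        print("[" + section + "]", finding)
```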