The services provided by the file server are used by most companies or enterprises, because different resource files are obtained from different positions in any company or enterprise.
Preface:The services provided by the file server are used by most companies or enterprises, because different resource files are obtained from different positions in any company or enterprise, this requires configuring different permissions for different positions to ensure the security and confidentiality of related resource files.
I. Samba introduction:
Server Message Block is short for SMB, which is the Server Message Block. SMB is mainly used as Microsoft's network communication protocol. Samba applies the SMB communication protocol to the Linux system, making Samba a software that allows the Linux system to apply the Microsoft network communication protocol. The largest function of Samba can be used for file sharing and print sharing between Linux and windows systems. Samba can be used for file sharing between windows and Linux systems, it can also be used for resource sharing between Linux and Linux. due to the emergence of NFS, Samba is more used for data sharing between Linux and windows.
SMB is a client/server-based protocol. Therefore, a Samba server can be a file sharing server or a Samba client. Samba uses the NetBIOS protocol in windows. if you want to use files shared in Linux, check whether the NetBIOS protocol is installed in your windows system.
There are two services for running Samba: SMB and NMB. SMB is the core startup service of Samba and is mainly responsible for establishing conversations between the Samba server and the Samba client, verify the identity of the user and provide access to the file and print system. only when the SMB service is started can file sharing be realized, listening to port 139 TCP, and the NMB service is responsible for parsing, similar to the functions implemented by DNS, NMB can correspond the name of the working group shared by the Linux system to its IP address. if the NMB service is not started, it can only access the shared file through the IP address, listen to UDP ports 137 and 138.
The Samba server can implement the following functions:
A. WINS and DNS services;
B. web browsing service;
C. authentication and authorization between Linux and Windows domains;
D. UNICODE character set and domain name ING;
E. UNIX sharing that meets the CIFS protocol.
II. environment preparation:
1. CentOS 6.3 (32-bit), host name: samba;
2. IP address: 192.168.31.131;
3. Virtual Machine: VMware? Workstation 9.0.0 build-812388;
4. samba software: samba-3.6.9-167.el6_5.i686;
5. working group: Lmzsamba.
3. install software:
A. preparations before installation:
SELINUX = disabled
Disable firewall: service iptables stop
B. run the following command to install samba:
[Root @ samba ~] # Yum install samba-client samba-swat
C. check whether samba is successfully installed:
[Root @ samba ~] # Rpm-qa | grep samba
If the following information is displayed, the installation is correct:
Samba-client-3.6.9-167.el6_5.i686
Samba-3.6.9-167.el6_5.i686
Samba-common-3.6.9-167.el6_5.i686
Samba-winbind-3.6.9-167.el6_5.i686
Samba-swat-3.6.9-167.el6_5.i686
Samba-winbind-clients-3.6.9-167.el6_5.i686
D. start the samba service and check the status:
[Root @ samba ~] #/Etc/init. d/smb start
Display result:
Starting SMB services: [OK]
Status Check:
[Root @ samba ~] # Service smb status
Display result:
Smbd (pid 2462) is running...
E. set auto-start upon startup and check whether the setting is successful:
[Root @ samba ~] # Chkconfig -- level 35 smb on
Check whether it is successful:
[Root @ samba ~] # Chkconfig -- list | grep smb
If the result is displayed in red (samba service is automatically run on level 3 and level 5), the setting is successful:
Smb 0: off 1: off 2: off 3: on 4: off 5: on 6: off
4. service configuration:
Samba service configuration mainly refers to the configuration of the/etc/samba/smb. conf file. Generally, a company or an enterprise is divided into three types:
1. configure public anonymous shared directories (that is, anonymous accounts access shared directories or files );
A. configuration file:
[Root @ samba ~] # Vi/etc/samba/smb. conf
Add or modify the relevant code in the file:
Workgroup = WORKGROUP // defines the working group concept in windows.
Server string = Lmz Samba Server Version % v // brief description of Samba server definition
Netbios name = LmzSamba // define the name of the computer displayed in windows
// Define the log file of Samba. % m indicates the client host name.
// The Samba server creates different log files for each login host in the specified directory.
Log file =/var/log/samba/log. % m
Security = share // shared level, which can be accessed without an account or password
[Public] // The setting is specific to the shared directory and only applies to the current shared resource.
Comment = Public Stuff // The description file for the shared directory. you can define the description file yourself.
Path =/share // it is required to specify the shared directory.
Public = yes // available to all users, equivalent to guest OK = yes
B. create a shared directory:
[Root @ samba ~] # Cd ..
[Root @ samba/] # mkdir share
[Root @ samba/] # cd share
[Root @ samba share] # touch samba.txt
[Root @ samba share] # touch aa.txt
[Root @ samba share] # ls-ls
Display result:
Total 0
0-rw-r --. 1 root 0 Mar 13 :02 aa.txt
0-rw-r --. 1 root 0 Mar 13 :02 samba.txt
Grant the nobody permission to anonymous users for the/share Directory:
[Root @ samba/] # chown-R nobody: nobody share/
[Root @ samba/] # ll/share/
Total 0
-Rw-r --. 1 nobody 0 Mar 13 11: 02 aa.txt
-Rw-r --. 1 nobody 0 Mar 13 :02 samba.txt
C. restart the smb service:
[Root @ samba/] #/etc/init. d/smb restart
Shutting down SMB services: [OK]
Starting SMB services: [OK]
[Root @ samba/] #/etc/init. d/nmb restart
Shutting down NMB services: [FAILED]
Starting NMB services: [OK]
D. test whether the smb. conf configuration is correct:
[Root @ samba/] # testparm
Display result:
Load smb config files from/etc/samba/smb. conf
Rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[public]"
WARNING: The security = share option is deprecated
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[Global]
Netbios name = LMZSAMBA
Server string = Lmz Samba Server Version % v
Security = SHARE
Log file =/var/log/samba/log. % m
Max log size = 50
Idmap config *: backend = tdb
Cups options = raw
[Homes]
Comment = Home Directories
Read only = No
Browseable = No
[Printers]
Comment = All Printers
Path =/var/spool/samba
Printable = Yes
Print OK = Yes
Browseable = No
[Public]
Comment = Public Stuff
Path =/share
Guest OK = Yes
E. access the shared files on the Samba server:
E1: CentOS system test:
[Root @ samba/] # smbclient // 127.0.0.1/public
Display result:
WARNING: The security = share option is deprecated
Enter root's password:
Because it is an anonymous user and no password is set, you can press enter here:
Domain = [WORKGROUP] OS = [Unix] Server = [Samba 3.6.9-167. el6_5]
Server not using user level security and no password supplied.
Smb: \>
Enter the ls command and press enter to obtain the following information:
Smb: \> ls
. D 0 Thu Mar 13 11:02:47 2014
.. DR 0 Thu Mar 13 11:13:53 2014
Aa.txt 0 Thu Mar 13 11:02:47 2014
Samba.txt 0 Thu Mar 13 11:02:37 2014
35755 blocks of size 524288. 29202 blocks available
Smb: \>
Enter the q command here to exit the access.
E2: Windows XP system test, result
We can see that the public directory is shared successfully.
2. group directories by permission (that is, in addition to public shared directories, each group accesses files or directories of each group. Take TS as an example );
A. add the TS Group and user and assign the user password:
[Root @ samba ~] # Groupadd ts
[Root @ samba ~] # Useradd-g ts zhangsan
[Root @ samba ~] # Useradd-g ts lisi
Set the lisi password:
[Root @ samba ~] # Passwd lisi
Display result:
Changing password for user lisi.
New password:
Enter the password 123456 here, and press enter:
Bad password: it is too short
Bad password: is too simple
Retype new password:
Enter the password 123456 again, and press enter:
Passwd: all authentication tokens updatedSuccessfully.
Set the password of zhangsan:
[Root @ samba ~] # Passwd zhangsan
Display result:
Changing password for user zhangsan.
New password:
Enter the password 123456 here, and press enter:
Bad password: it is too short
Bad password: is too simple
Retype new password:
Enter the password 123456 again, and press enter:
Passwd: all authentication tokens updatedSuccessfully.
B. create the/ts folder in the root directory:
[Root @ samba ~] # Cd/
[Root @ samba/] # mkdir ts
[Root @ samba/] # cd ts
[Root @ samba ts] # touch ts.txt
[Root @ samba ts] # ls-ls
Total 0
0-rw-r -- 1 root 0 Mar 13 ts.txt
C. add two accounts (lisi and zhangsan) to the samba account:
[Root @ samba ~] # Smbpasswd-a zhangsan
New SMB password:
Retype new SMB password:
Added user zhangsan.
[Root @ samba ~] # Smbpasswd-a lisi
New SMB password:
Retype new SMB password:
Added user lisi.
D. modify the main configuration file as follows:
[Root @ samba ~] # Vi/etc/samba/smb. conf
Modify security:
Security = user // shared level, which can be accessed without an account or password
Add information:
[Ts]
Comment = TS
Path =/ts
Valid users = @ ts
E. reload the samba service:
[Root @ samba ~] # Service smb reload
Display result:
Reloading smb. conf file: [OK]
F. test in window xp:
Open my computer and enter \ 192.168.31.131 in the address bar. the user logon box is displayed ,:
In the figure, enter the username: lisi and Password: 123456. after successful login, you can see the corresponding directories, including lisi's own directories, anonymous public directories, and non-anonymous directories shared by lisi and zhangsan. As shown in:
We can see that the expected results are achieved.
3. group different directories under the shared directory.
Requirement: 1. separate a Company partition in the system partition, which has the following folders: HR, FM, and Share. There are the following folders under Share: HR, FM, and Tools.
2. the folders corresponding to each department are managed by each department, and the Tools folder is maintained by the administrator.
3. HR administrator account: hradmin; common user account: hruser. FM administrator account: fmadmin; common user account: fmuser.
A. create A user and set the SMB account password:
Add User:
[Root @ samba ~] # Useradd-s/sbin/nologin hradmin
[Root @ samba ~] # Useradd-g hradmin-s/sbin/nologin hruser
[Root @ samba ~] # Useradd-s/sbin/nologin fmadmin
[Root @ samba ~] # Useradd-g hradmin-s/sbin/nologin fmuser
[Root @ samba ~] # Useradd-s/sbin/nologin admin
Set password:
[Root @ samba ~] # Smbpasswd-a hradmin
New SMB password:
Retype new SMB password:
Added user hradmin.
[Root @ samba ~] # Smbpasswd-a hruser
New SMB password:
Retype new SMB password:
Added user hruser.
[Root @ samba ~] # Smbpasswd-a fmadmin
New SMB password:
Retype new SMB password:
Added user fmadmin.
[Root @ samba ~] # Smbpasswd-a fmuser
New SMB password:
Retype new SMB password:
Added user fmuser.
[Root @ samba ~] # Smbpasswd-a admin
New SMB password:
Retype new SMB password:
Added user admin.
For ease of memory, the configuration is set to 123456.
B. create a directory:
[Root @ samba ~] # Cd/
[Root @ samba/] # mkdir company
[Root @ samba/] # cd company
[Root @ samba company] # mkdir hr fm Share
[Root @ samba company] # cd Share
[Root @ samba Share] # mkdir hr fm Tools
C. Change Directory properties:
[Root @ samba company] # chown hradmin. hradmin HR
[Root @ samba company] # chown fmadmin. fmadmin FM
[Root @ samba company] # chown admin. admin Share
[Root @ samba company] # cd Share
[Root @ samba Share] # chown hradmin. hradmin HR
[Root @ samba Share] # chown fmadmin. fmadmin FM
[Root @ samba Share] # chown admin. admin Tools
[Root @ samba Share] # chmod 1775 HR FM
D,Modify the main configuration file as follows::
Security = user
Passdb backend = tdbsam
[HR]
Comment = This is a directory of HR.
Path =/company/HR/
Public = no
Admin users = hradmin
Valid users = @ hradmin
Writable = yes
Create mask = 0750
Directory mask = 0750
[FM]
Comment = This is a directory of FM.
Path =/company/FM/
Public = no
Admin users = fmadmin
Valid users = @ fmadmin
Writable = yes
Create mask = 0750
Directory mask = 0750
[Share]
Comment = This is a share directory.
Path =/company/Share/
Public = no
Valid users = admin, @ hradmin, @ fmadmin
Writable = yes
Create mask = 0755
Directory mask = 0755
E. restart the samba service:
[Root @ samba Share] #/etc/init. d/smb restart
Shutting down SMB services: [OK]
Starting SMB services: [OK]
[Root @ samba Share] #/etc/init. d/nmb restart
Shutting down NMB services: [OK]
Starting NMB services: [OK]
F. test Windows XP:
Open my computer and enter \ 192.168.31.131 in the address bar. the user logon box is displayed ,:
In the figure, enter the username hradmin and password 123456 to view the corresponding shared directory, as shown in:
The test is complete.
4. set the network ing drive and add a drive letter-like folder in the computing, which is convenient, as shown in:
5. if the network is disconnected, the following situations may occur, as shown in:
You can solve the problem in the form of an example:
Configuration is complete. please click it!