Configure the Samba File Sharing server in Ubuntu, using tusamba

Configure the Samba File Sharing server in Ubuntu, using tusamba

Samba is a free software that implements the SMB protocol on Linux and UNIX systems. It consists of servers and client programs. Server Messages Block (SMB) is a communication protocol used to share files and printers on a LAN, it provides sharing services for files, printers, and other resources between different computers in the LAN.

Environment: Win7_64-bit + VMware11 + Ubuntu1204

1. Like other network services, to use the Samba service, you must ensure that the server and client are connected to the Internet, that is, ping is enabled. Otherwise, debug the network first.

2. If you are using versions earlier than Ubuntu1204, we recommend that you uninstall samba, smbclient, and samba-common first.

　　　　1 sudo apt-get remove samba-common　　　　2 sudo apt-get remove smbclient　　　　3 sudo apt-get remove samba

Download and install the Samba service:

1 sudo apt-get install samba 2 sudo apt-get install samba-common 3 sudo apt-get install smbfs // in earlier versions of Ubuntu, you may need to replace cifs-utils with smbfs. 4 sudo apt-get install cifs-utils // the new version of ubuntu1204 is installed

Note: if an error occurs during samba installation

Samba: Depends: libwbclient0 (=. 6.3-2ubuntu2) but. 6.3-2ubuntu2. 3 is to be installed

Then uninstall and reinstall samba.

Sudo apt-get remove libwbclient0 samba-common samba

Sudo apt-get install samba // apt-get will automatically complete the dependency package

 

3. Create a shared directory

Sudo mkdir/home/share
Sodu chmod 777/home/share

 

4. Start configuring/etc/samba/smb. conf.

1. Save the existing configuration file

Sudo cp/etc/samba/smb. conf/etc/samba/smb. conf. bak

2. modify the current configuration file

Sudo vi/etc/samba/smb. conf

3. Add at the end of smb. conf

[Share]
Path =/home/share # absolute path of the shared directory
Available = yes # available shared resources
Browseable = yes # shared directory browsing
Public = yes # Allow anonymous users to log on
Writable = yes # shared Directory writable

[Shared attributes]

Comment =Any string

Note: comment is a description of the sharing, which can be any string. Path = Shared directory pathDescription: path is used to specify the path of the shared directory. You can use macros such as % u and % m to replace the Netbios names of unix users and clients in the path. They are mainly used for [homes] shared domains. For example, if we do not want to use the home segment as the customer's share, but create a directory for each Linux User under/home/share/as the shared directory with his/her username, in this way, the path can be written as: path =/home/share/% u ;. When a user connects to the shared object, the specific path will be replaced by the user name. Note that the path of the user name must exist. Otherwise, the client cannot find the network path during access. Similarly, if we do not divide directories by users, but by dividing directories by clients, we will create a path with its netbios name for each machine on the network that can access samba, as resources shared by different machines, you can write: path =/home/share/% m. Browseable = yes/noDescription: browseable is used to specify whether the share can be viewed. Writable = yes/noDescription: writable is used to specify whether the shared path is writable. Available = yes/noDescription: available is used to specify whether the shared resource is available. Admin users = Manager of the shareNote: admin users is used to specify the share Administrator (with full control permissions on the share ). In samba 3.0, this item is invalid if the user authentication method is set to "security = share. For example, admin users = bobyuan and jane (multiple users are separated by commas ). Valid users = Allow access to the shared userDescription: valid users is used to specify the users Allowed To access the shared resource. For example, valid users = bobyuan, @ bob, @ tech (multiple users or groups are separated by commas (,). To join a group, use "@ + group name .) Invalid users = Prohibit Access to the shared userDescription: invalid users is used to specify users that are not allowed to access the shared resource. For example, invalid users = root, @ bob (multiple users or groups are separated by commas .) Write list = users allowed to write data to this shareNote: The write list is used to specify the users who can write files under the share. Example: write list = bobyuan, @ bob Public = yes/noDescription: public is used to specify whether the shared object can be accessed by a guest account. Guest OK = yes/noMeaning: it is the same as "public ".

 

　　　　Note:If you are not used to using the configuration file, you can also use the graphical interface.

Install the Ubuntu samba graphic Management Interface

Sudo apt-get install system-config-samba

Start the samba graphic Management Interface
Sudo system-config-samba

　　

5. Create a samba account

Sudo touch/etc/samba/smbpasswd
Sudo smbpasswd-a john

　　　Then you will be asked to enter the password of the samba account

[If you do not have this step, the system will prompt session setup failed: NT_STATUS_LOGON_FAILURE when you log on.]

　　　

Usage of the smbpasswd command:
Smbpasswd-a adds users (the users to be added must be system users)
Smbpasswd-d: the user cannot be logged on.
Smbpasswd-e restores the user and restores the user so that the frozen user can use
Smbpasswd-n: Set the password to null and write null passwords-true to global.
Smbpasswd-x delete user

 

6. Restart samba after configuration.
Sudo/etc/init. d/smbd restart

 

VII. Test and use

Test: Enter smbclient-L // localhost/share

Usage: Enter "\" + "Ubuntu machine ip address or host name" + "\" + "share" in the windows folder"

 

Advanced: User Account ing

The user account information of samba is saved in the smbpasswd file, and the account that can access the samba server must also correspond to a system account with the same name. Based on this, for some hackers, as long as they know that the samba server drops the samba account, they know the Linux system account, as long as crack uses the password of its samba account to attack the samba server. Therefore, we need to use the user account ing function to solve this problem.

User Account ing requires an account ing table, which records the correspondence between the samba account and the virtual account. When the client accesses the samba server, it uses virtual login.

1) edit the main configuration file vi/etc/samba/smb. conf
Add the username map =/etc/samba/smbusers field in global to enable user account ing.

2) EDIT vi/etc/samba/smbusers
The smbusers file stores the account ing relationship, which has a fixed drop format:
Samba account = virtual account (ing account)
Myname = networkusername
Account myname is the samba account created above (also a Linux system account), networkusername is the mapped account name (virtual account ), account myname can be accessed successfully by entering networkusername when accessing the shared directory. However, our myname account is used to access the samba server, which solves the security problem.