Day 42nd: Questions related to Samba

Small Q: The immutable thing in the world is the truth that everything is changing. --Sri Lanka

Samba Port --------------------------------------------------------------

1) Port 137 (UDP)-NetBIOS name service; NMBD

2) Port 138 (UDP)-NetBIOS datagram Service

3) Port 139 (TCP)-File and print sharing, SMBD (based on SMB (Server Message Block) protocol, mainly in the office

Use in a domain network, file sharing protocol)

4) Port 389 (TCP)-For LDAP (Active Directory Mode)

5) port 445 (TCP)-NetBIOS service uses this port in WinDOS 2000 and later versions (Common Internet File

System,cifs, which is an Internet file share that is implemented after the SMB protocol is extended to the Internet

6) Port 901 (TCP)-for SWAT, for Web management Samba

file sharing between Windows systems: NetBEUI (NetBIOS Extend User Interface) protocol and Ipx/spx protocol NetBEUI Protocol is a short, Communication-efficient broadcast protocol, which does not need to be set up after installation, is particularly suitable for transmitting data in a "Network Neighborhood" . NETBEUI lack of routing and Network layer addressing function is not only its greatest advantage, but also its biggest disadvantage. Because it does not require additional network addresses and network layer Kinsoku, it is fast and effective and works well for small workgroup environments that are bridged only by a single network or an entire environment.

Because routing is not supported, NetBEUI will never become the primary protocol for the corporate network . The only address in the NetBEUI frame is the data Link Layer media access control (MAC) address, which identifies the NIC but does not identify the network. The router forwards the frame to the final destination by the network address, and the NetBEUI frame lacks that information completely. The NetBEUI protocol is mainly used in local area networks and is not generally used for communication with computers in other networks. ipx/spx (Internetwork Packet exchange/sequences Packet exchange,internet packet switching/sequential packet switching ipx/spx) is a set of communications protocols for Novell Corporation. Thedistinctive difference with n Etbeui is that the ipx/spx is quite large and has strong adaptability in complex environment . This is because ipx/spx in the beginning of the design to consider the problem of the network segment, so it has a powerful routing function, suitable for large-scale network use. IPX mainly realizes the maintenance and termination of the connection between network devices . The SPX protocol is the auxiliary protocol of IPX , which mainly realizes the grouping of information, tracking packet transmission and guaranteeing the intact transmission of information. The IPX protocol is responsible for the transmission of the packet, and the SPX is responsible for the integrity of the packet transmission.

File sharing between Linux systems and Liunx with Windows systems:IBM SMB, Server Information block protocol Server Information block (SMB) protocol is an IBM protocol that is used to share files, printers, serial ports, etc. between computers. The SMB protocol can be used over the TCP/IP protocol of the Internet or on other network protocols such as IPX and NetBEUI

anonymous user and user authentication coexistence ---------------------------------------------------------

Requirements: Set up a samba server, share two directories, public and project, where the public directory can be accessed anonymously, anyone can read and write; The project directory needs to verify the user name password before it can be accessed.

1. Install Samba services .....

2. Configure samba with the following main configuration parameters:

[global]workgroup = workgroupserver string = samba server version % Vnetbios name = fileserver;       interfaces = lo  eth0 192.168.12.2/24 192.168.13.2/24allow hosts = 10.0.8. 172.169.128.;        deny hosts = 192.168.100.0/24# ----------------- ---------- Logging Options -----------------------------log file = /var/log/ Samba/%m.log# max 50kb per log file, then rotatemax log size  = 50security = user                     //Authentication Mode is usermap to guest = bad  user            //This is the key to implementing anonymity without interactive input username and password Guest  account = nobody             //anonymous users are mapped to nobody users, The system should have nobody user encrypt passwords = yes             //user's password encryption smb passwd file = /etc/samba/smbpasswd[public]comment =  publicpath= /data/pub/publicbrowseable = yes                    //can be browsed, that is, the share name can be seen in the Network Neighborhood Guest ok  = yes                      //Allow anonymous access, this also needs to be set, otherwise anonymous unreachable writable = yesprintable =  nocreate mask = 0644directory mask = 0755[project]comment =  projectpath= /data/pub/projectbrowseable = yespublic = noguest ok =  nowrite list =  @trainforce  USER =&NBsp;root                    //the owner of the established document is mandatory printable = nocreate mask = 0644directory mask =  0755

Samba Common parameters ---------------------------------------------------------------------

Comment: Comments on shared directories

path: Shared paths.

Allow hosts and deny hosts: Hosts that are allowed or denied

Writeable: The directory default is writable, you can also use readonly = No to set the writable

Valid users: People and groups that can use the shared resource

Invalid users: People and groups that are not able to use the shared resource

Read list: Users and groups that can read only this shared resource

Write list: Users and groups that can read and write the shared resource

Admin List: Users and groups who can manage this shared resource (including read-write and permission-granting, etc.)

Public: Whether the shared resource can be accessed by the visitor account, this switch is sometimes called guest OK

Hide dot files: Whether to hide the "." File that begins with the number

Create mode: The properties of the newly created file, typically 0644

Directory mode: The properties of the newly created directory, typically 0755

Sync always: Whether to synchronize after writing to the shared resource

Short Preserve case: Regardless of file name capitalization

Preserve case: Keep casing

Case sensitive: not sensitive to casing, general select No, otherwise it may cause errors

Mangle case: Specifying mixed casing

Default case: Whether the file name is all uppercase or lowercase (lower/upper)

Force User: The owner of the newly created file

Wide links: Whether to allow the sharing of linked files

Max connections = N: Sets the number of simultaneous connections

Delete readonly: Can delete a file that is already defined as read-only in the shared resource.

Samba Chinese garbled ---------------------------------------------------------------------

SSH login to the remote Linux server, using the win browser to view Samba server in the Chinese name folder, see the Chinese file name is garbled, the shell is not set?

1) Open the/etc/sysconfig/i 18n setting:

Lang= "ZH_CN. GB2312 "Language=" ZH_CN. Gb18030:zh_cn. GB2312:ZH_CN "supported=" ZH_CN. Gb18030:zh_cn. Gb2312:zh_cn. Utf-8:zh:en_us. Utf-8:en_us:en:ja_jp. UTF 8:ja_jp:ja "sysfont=" Lat0-sun16 "sysfontacm=" 8859-15 "

(lang= "ZH_CN. GB2312 "must be set, other optional)

2) Open smb.cnf

Add to:

Dispaly charset=cp936

Unix charset=cp936

DOS charset=cp936

Just restart the system.

the user corresponds to their own folder ----------------------------------------------------------

Requirements: 1, user user1 belong to group group1; User User2 belongs to group group1 and group group2; user User3 belongs to group Group3

2, users user1 user2 User3 can enter their own folder

3, User User1 User2 can enter folder group1; user User2 User3 can enter folder group2

Create a new folder in the root directory SMB folder and its subordinate subfolders

Mkdir/smbcd/smbmkdir user1 user2 user3 group1 group2

To add a user group

Groupadd group1 group2

Add user

Useradd-s/sbin/nologin-g group1 user1

Useradd-s/sbin/nologin-g group1,group2 User2

Useradd-s/sbin/nologin-g group2 User3

User and user groups for changing folders

Chown-r user1:user1 user1chown-r user2:user2 user2 chown-r user3:user3 user3chown-r: group1 group1chown-r: group2 Gro Up2

Change folder access permissions

chmod 770-r group1 group2

chmod 700-r user1 user2 User3

Adding users to Samba

Pdbedit-a user1

Pdbedit-a User2

Pdbedit-a User3

Open the configuration file for Samba/etc/samba/smb.conf

[global]        workgroup = workgroup         server string = Samba Server Version %v         security = user         passdb backend = tdbsam        load printers  = yes        cups options = raw# also needs to include the following: [ user1]        comment = user1         path = /smb/user1        valid users  = user1        read only = No[user2]         comment = User2         path = /smb/user2        valid users = user2         read only = No[user3]         comment = user3        path = /smb/user3         valid users = user3         read only = No[group1]         comment = group1        path = /smb/group1         valid users =  @group1          read only = no[group2]        comment  = group2        path = /smb/group2         valid users =  @group2         read only =  no

Final effect:

After logging in with User1, you can access User1 and group1;

After logging in with User2, you can access user2,group1 and group2;

After logging in with User3, you can access User3 and group2.

Additional: There is an application situation, often encountered in the actual work: every department in the company has a folder named after its own department name, but everyone in the department needs to have their own private folders, without increasing the number of shared folders, Within the Department folder, you actually have only the folders that you can access. The advantage of this is that the number of shared folders is not too much to manage and it is not easy to find files.

Both User1 and User2 belong to the group1 group, and they all have access to the shared folder Group1, but in the folder group1 the user user2 some folders (such as folder User2) that do not want to be accessed by others in this group.

This situation is a shared issue and is a problem with folder permissions.

The user and user groups that only need to modify folder User2 in folder group1 under the Linux command line are allowed to group permissions.

Chown-r User2:user2/smb/group1/user2

Chmod-r 700/smb/group1/user2

In most cases, these private folders in a shared folder are set by the administrator and cannot be set by the user.

After this setting, non-user user1 access to this file, the system prompts insufficient permissions;

Transferred from: Http://www.apelearn.com/bbs/forum.php?mod=viewthread&tid=7374&highlight=samba

Web Interface Change Password ---------------------------------------------------------------

Web page Change password, to install CHANGEPASSWD

To modify the SMB configuration file before installing, add the following:

Pam Password change = no passwd chat = *new*password*%n\n *retype*new*password*%n\n *passwd:*all*authentication*t        okens*updated*successfully* SMB passwd file =/etc/samba/smbpasswd passwd program =/usr/bin/passwd%u Unix Password sync = yes

Download changepasswd

wget Http://prdownloads.sourceforge.net/changepassword/changepassword-0.9.tar.gztar ZXVF CHANGEPASSWORD-0.9.TAR.GZCD changepassword-0.9./configure--enable-cgidir=/var/www/cgi-bin--enable-language= Chinese--enable-smbpasswd=/etc/samba/smbpasswd--disable-squidpasswd make make and install

Installation Error:

/usr/bin/ld:cannot Find-ldes

Collect2:ld returned 1 exit status

Make: * * * [changepassword.cgi] Error 1

Workaround:

CD CHANGEPASSWORD-0.9/SMBENCRYPT/TAR-XZVF libdes-4.04b.tar.gzcd DES/MAKECP libdes.a.

After recompiling the CHANGEPASSWD, the installation is complete;

When done, launch Apache. Login http://IP/cgi-bin/changepassword.cgi

Web login After installation is complete, display Chinese garbled

Put the httpd configuration file in the/etc/httpd/conf/httpd.conf:

Adddefaultcharset UTF-8 instead:

Adddefaultcharset ZH_CN. UTF-8

The ETC/SAMBA/SMB.CNF section is configured as follows

[global]       workgroup =         server string = chinanews shared        #  max 50KB per log file, then rotate         log file = /var/log/samba/%m.log        max  log size=200KB        display charset =  utf-8        unix charset = utf-8         dos charset = UTF-8          #dos  charset = CP850        security =  user        passdb backend = smbpasswd         Pam password change = no        passwd chat  = *new*password* %n\n *retype*new*password* %n\n *passwd:*all*authentication* tokens*updated*successfully*        smb passwd file =  /etc/samba/smbpasswd        passwd program = /usr /bin/passwd %u        unix password sync =  yes        load printers = no         cups options = raw        # obtain list of printers automatically on systemv[homes]         comment = Home Directories         browseable = no        writable = yes;        valid users = %s;       valid users =  mydomain\%s[mulu1]        comment = share for  users        path = /data/mulu1         read only = no         browseable = yes        writable = no         public = no         create mode = 0777        directory mode =  2777#       hosts allow =          vaild users =  @rogroup   @rwgroup         write list =   @rwgroup [mulu2]        comment = share for  users        path = /data/mulu2         read only = no        public  = no       browseable = yes         writable = no        public =  no        create mode = 0777         directory mode = 2777          #vaild  users =   @rwgroup         write  List= user1 user2 usEr3 

Transferred from: http://www.apelearn.com/bbs/thread-5250-1-1.html

=================================== Exercises ======================================

1. Where are samba services used?

Samba services are used to share files or printers on a Linux server to Windows or Linux.

2. In the Samba service configuration file, how many security levels are available in the [Global] configuration section? What is the meaning of the distinction? The security= has four security levels:

Share: Users do not need an account and password to log in to the Samba server

User: The Samba server providing the service checks the account and password (default)

Server: Checking account and password work is done by another Windows or Samba server

Domain: Specifies the Windows domain control server to verify the user's account and password.

3. What is the difference between Passdb backend three types of smbpasswd, Tdbsam and Ldapsam?

SMBPASSWD: This is a mechanism used by the old version of Samba, which uses the tool SMBPASSWD to set the system user to a

Samba password that the client uses to access the samba resource.

Tdbsam: The new version of the default account storage mechanism, but also the SMB account exists in a file, using the Pdbedit tool to create and modify the SMB account. The account must be a system user.

Ldapsam: Authenticates the user based on the LDAP account management method.

4. What is the command to start the samba service?

Service SMB start or/etcinit.d/samba start

5. How to create a new user, how to lock, restore the user, and how to delete a user when using the Tdbsam user background?

PDBEDIT-A username Create

Pdbedit-c "[D]"-u username lock

Pdbedit-c "[]"-u username Recovery

Pdbedit-x Username Delete

6. How to access the remote Samba server in IE browser?

file://ip/

7. On Linux, how do we access the Samba server? (Two cases)

Smbclient//ip/share-u username

Mount-t CIFS//ip/share/mnt-o username=user,password=pass//need to be installed Cifs_vtils

8.SMBPASSWD command parameters detailed?

-H: Show smbapasswd command Format help

-A: Add the specified user account

-D: Disable the specified user account

-e: Enable the specified user account

-X: Delete the specified user account

Introduction to the main section of the 9.samba configuration file?

[Global]: Define global variables

[Homes]: Share your home directory, this section can be commented out, replaced by a custom directory

[Printers]: Set up printing and sharing

Day 42nd: Questions related to Samba