Detailed configuration of Samba server (non-domain Mode)

There are two services for running Samba: SMB and nmb. SMB is the core startup service of Samba and is mainly responsible for establishing conversations between the Samba server and the samba client, verify the identity of the user and provide access to the file and print system. Only when the smb service is started can file sharing be realized, listening to port 139 TCP, And the nmb Service is responsible for parsing, similar to the functions implemented by DNS, nmb can correspond the name of the Working Group shared by the Linux system to its IP address. If the nmb service is not started, it can only access the shared file through the IP address, listen to UDP ports 137 and 138.
The Samba server can implement the following functions:
A. wins and DNS services;
B. Web browsing service;
C. authentication and authorization between Linux and Windows domains;
D. Unicode Character Set and domain name ing;
E. UNIX sharing that meets the CIFS protocol.
SAMBA service configuration mainly refers to the configuration of the/etc/samba/smb. conf file. Generally, a company or an enterprise is divided into three types:
1. Configure public anonymous shared directories(That is, an anonymous account accesses a common directory or file );
A. configuration file:
[[Email protected] ~] # Vi/etc/samba/smb. conf
Add or modify the relevant code in the file:
Workgroup = workgroup // defines the Working Group concept in windows.
Server String = LMZ Samba server version % v // Brief description of Samba server Definition
NetBIOS name = lmzsamba
Log File =/var/log/samba/log. % m // defines the log file of Samba users. % m represents the client host name.
// The Samba server creates different log files for each login host in the specified directory.

Security = share // shared level, which can be accessed without an account or password

[Public] // The setting is specific to the shared directory and only applies to the current shared resource.
Comment = Public stuff // The description file for the shared directory. You can define the description file yourself.
Path =/share // It is required to specify the shared directory.
Public = Yes // available to all users, equivalent to guest OK = Yes
B. Create a shared directory:
[[Email protected]/] # mkdir share
[[Email protected]/] # cd share
Grant the nobody permission to anonymous users for the/share directory:
[[Email protected]/] # chown-r nobody: Nobody share/
C. Restart the smb service:
[[Email protected]/] #/etc/init. d/SMB restart
Shutting down SMB services: [OK]
Starting SMB services: [OK]
[[Email protected]/] #/etc/init. d/nmb restart
Shutting down nmb services: [failed]
Starting nmb services: [OK]
D. test whether the smb. conf configuration is correct:
[[Email protected]/] # testparm
E. Access the shared files on the Samba server:
[[Email protected]/] # smbclient // 127.0.0.1/Public
Display result:
Warning: The Security = share option is deprecated
Enter Root's password:
Because it is an anonymous user and no password is set, you can press Enter here:
Domain = [workgroup] OS = [UNIX] Server = [Samba 3.6.9-167. el6_5]
Server not using user level security and no password supplied.
SMB: \>
Enter the LS command and press enter to display the contents in the shared directory:
Enter the Q command here to exit the access.
F. Share resources when accessing windows -----> Start ----> RUN ----> enter the IP address of the \ Samba server to access the shared resources when you return to China.

2. Group directories by permission(In addition to the public shared directory, each group accesses files or directories of each group. Take TS as an example );
A. Add the TS group and System User and assign the user password:
[[Email protected] ~] # Groupadd TS
[[Email protected] ~] # Useradd-g TS zhangsan //-G specifies the user group
[[Email protected] ~] # Useradd-g TS Lisi
Set the Lisi password:
[[Email protected] ~] # Passwd Lisi
Display result:
Changing password for user Lisi.
New password:
Enter the password 123456 here, and press Enter:
Bad password: It is too short
Bad password: is too simple
Retype new password:
Enter the password 123456 again, and press Enter:
Passwd: All authentication tokens updated successfully.
Set the password of zhangsan:
[[Email protected] ~] # Passwd zhangsan
Display result:
Changing password for user zhangsan.
New password:
Enter the password 123456 here, and press Enter:
Bad password: It is too short
Bad password: is too simple
Retype new password:
Enter the password 123456 again, and press Enter:
Passwd: All authentication tokens updated successfully.
B. Create the/TS folder in the root directory:
[[Email protected] ~] # Cd/
[[Email protected]/] # mkdir TS
C. Add two accounts (Lisi and zhangsan) to the samba account:
[[Email protected] ~] # Smbpasswd-A zhangsan //-A: Add a samba account
New smb password:
Retype new smb password:
Added user zhangsan.
[[Email protected] ~] # Smbpasswd-A Lisi
New smb password:
Retype new smb password:
Added user Lisi.
D. Modify the main configuration file as follows:
[[Email protected] ~] # Vi/etc/samba/smb. conf
Modify security:
Security = user // user level, which can be accessed only by account and password
Add information:
[Ts]
Comment = TS
Path =/TS // specify the TS group directory
Valid users = @ ts // when this group of users access resources on the Samba server, read the TS configuration file and find the corresponding directory.
E. Reload the samba service:
[[Email protected] ~] # Service SMB reload
Display result:
Reloading smb. conf file: [OK]
F. The access method is the same as above. You must enter the user name and password for access.

3. group different directories under the shared directory.
Requirement: 1. Separate a company partition in the system partition, which has the following folders: HR, FM, and share. There are the following folders under share: HR, FM, and tools.
2. The folders corresponding to each department are managed by each department, and the tools folder is maintained by the Administrator.
3. HR Administrator Account: hradmin; Common User Account: hruser. FM Administrator Account: fmadmin; Common User Account: fmuser.
A. Create a New System User and password, and set the SMB account and password:
Add a system user:
[[Email protected] ~] # Useradd-S/sbin/nologin hradmin //-s specifies the shell used for Logon. nologin prohibits the use of this system account to log on to the system (Linux or Unix systems)
//
When switching from root, the following prompt is displayed: This account is currently not available.

// Use/bin/Bash to switch over. [[email protected] ~] $ Su -- shell =/bin/bash hruser # Press enter to switch to the hruser user.
[[Email protected] ~] # Useradd-G hradmin-S/sbin/nologin hruser
[[Email protected] ~] # Useradd-S/sbin/nologin fmadmin
[[Email protected] ~] # Useradd-G hradmin-S/sbin/nologin fmuser
[[Email protected] ~] # Useradd-S/sbin/nologin Admin
Set the SMB account and password (same as above ):
[[Email protected] ~] # Smbpasswd-A hradmin
New smb password:
Retype new smb password:
Added user hradmin.
[[Email protected] ~] # Smbpasswd-A hruser
New smb password:
Retype new smb password:
Added user hruser.
[[Email protected] ~] # Smbpasswd-A fmadmin
New smb password:
Retype new smb password:
Added user fmadmin.
[[Email protected] ~] # Smbpasswd-A fmuser
New smb password:
Retype new smb password:
Added user fmuser.
[[Email protected] ~] # Smbpasswd-A Admin
New smb password:
Retype new smb password:
Added user admin.
B. Create a directory:
[[Email protected]/] # mkdir Company
[[Email protected]/] # cd Company
[[Email protected] Company] # mkdir hr fm share
[[Email protected] Company] # cd share
[[Email protected] share] # mkdir hr fm tools
C. Change directory properties:
[[Email protected] Company] # chown hradmin. hradmin HR
[[Email protected] Company] # chown fmadmin. fmadmin FM
[[Email protected] Company] # chown Admin. Admin share
[[Email protected] Company] # cd share
[[Email protected] share] # chown hradmin. hradmin HR
[[Email protected] share] # chown fmadmin. fmadmin FM
[[Email protected] share] # chown Admin. Admin Tools
[[Email protected] share] # chmod 1775 HR FM
D. Modify the main configuration file as follows:
Security = user
Passdb backend = tdbsam
[HR]
Comment = This is a directory of HR.
Path =/Company/HR/
Public = No
Admin users = hradmin
Valid users = @ hradmin
Writable = Yes
Create mask = 0750
Directory mask = 0750
[FM]
Comment = This is a directory of FM.
Path =/Company/FM/
Public = No
Admin users = fmadmin
Valid users = @ fmadmin
Writable = Yes
Create mask = 0750
Directory mask = 0750
[Share]
Comment = This is a share directory.
Path =/Company/share/
Public = No
Valid users = admin, @ hradmin, @ fmadmin
Writable = Yes
Create mask = 0755
Directory mask = 0755
E. Restart the samba service:
[[Email protected] share] #/etc/init. d/SMB restart
[[Email protected] share] #/etc/init. d/nmb restart
4. Set the network ing drive. You can add a drive letter-like folder in the computation to compare

Detailed configuration of Samba server (non-domain Mode)