Setting up a SAMBA service

1. Introduction

1. Overview
Samba is a set of applications that implement the SMB (Server Message Block) protocol. By supporting this protocol, Samba lets Linux servers and Windows systems communicate, which makes cross-platform access possible. Samba uses the client/server (C/S) model. It works by running NetBIOS (the communication protocol of Windows Network Neighborhood) and SMB on top of TCP/IP; in addition, the NetBEUI protocol is used so that Windows can browse Linux servers in Network Neighborhood.

2. What it does
Communication between Windows and Unix platforms, file and printer sharing, identity authentication, and host name resolution (NetBIOS names) on Windows networks.

3. Two processes
smbd: controls the publishing of shared directories and their permissions. It is an application protocol built on NetBIOS; the service uses TCP ports 139/445.
nmbd: mainly used for name resolution; the service uses UDP ports 137/138.

4. Five security levels
share: log on to the samba server without a samba account
user: a samba account must be added in order to log on to the samba server
server: another samba server is used to authenticate the user
domain: the samba server is joined to an NT domain, and the NT domain controller authenticates the user
ads: Active Directory Service, a new authentication method in samba 3.0. With ADS verification, the samba server is integrated into Active Directory.

2. Deployment of the samba service

1. Environment preparation
    # service iptables stop
    # setenforce 0
    # vim /etc/selinux/config
    SELINUX=disabled

2. Install the service
    # yum install samba samba-common -y
    # useradd -s /sbin/nologin george    -- create a logon user for the samba service
    # smbpasswd -a george                -- make user george an smb user and set a password
    Note: the -a parameter is not needed when changing the password; george must be an existing user in the system.
    # smbpasswd -x u1       -- delete user
    # smbpasswd -d u1       -- disable user
    # smbpasswd -e u1       -- enable user
    # pdbedit -L            -- list all users
    # pdbedit -Lv           -- list detailed information for all users
    # pdbedit -Lv george    -- list detailed information for user george

3. Configure the service
    # vim /etc/samba/smb.conf
    [global]                                       -- global configuration section; required
        workgroup = MYGROUP                        -- workgroup and its name
        server string = Samba Server Version %v    -- samba server description; can be customized
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user                            -- security level the server runs at; this is also the verification method for shares
        passdb backend = tdbsam                    -- accounts and passwords are stored in a data file
        load printers = yes
        cups options = raw
    [homes]                                        -- shares each user's home directory; each user can access their own home directory
        comment = Home Directories                 -- description of the shared resource
        browseable = no                            -- whether the share is browseable
        writable = yes                             -- whether the share is writable
    [printers]                                     -- printer-related options
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no                              -- whether anonymous users can log on
        writable = no
        printable = yes
    [linuxdir]                                     -- custom shared directory
        path =                                     -- the directory to share
        writeable = yes                            -- whether writable (yes/no); set to writable here
        browseable =                               -- whether browseable (yes/no)
        guest ok =                                 -- whether anonymous users can log on (yes/no)
    # service smb restart                          -- restart the service

4. Client verification

4.1 Access with the samba client
    # smbclient -L //192.168.133.3                  -- anonymous user lists the shares on the samba server
    # smbclient -L //192.168.133.3 -U george        -- samba user lists the shares on the server
    # smbclient //192.168.133.3/sambadir            -- anonymous user logon
    # smbclient -U george //192.168.133.3/george    -- samba user logon
    smb: \>                                         -- this prompt indicates that you have successfully logged on to the samba server
    smb: \> help               -- view the available commands
    smb: \> lcd /client_dir    -- change the current client-side directory

4.2 Access by mounting with commands
    # yum install cifs-utils -y
    # mount [-t cifs] -o username=george,password=123456 //192.168.133.3/george /mnt    -- log in as user george
    # mount [-t cifs] -o guest //192.168.133.3/george /mnt    -- anonymous login; in practice this cannot connect to george, because the "george" after //192.168.133.3/ is not a section name in the configuration file

4.3 Automatic mounting

4.3.1 Automatic mounting with autofs
    # vim /etc/auto.master
    /smbmount  /etc/auto.smbmount
    # vim /etc/auto.smbmount
    upload  -fstype=cifs,username=george,password=123456  ://192.168.133.3/upload    -- mount the contents of the share labeled upload at /smbmount/upload
    # vim /etc/sysconfig/autofs
    TIMEOUT=10           -- once this time (10 seconds) has elapsed, the share is unmounted automatically
    BROWSE_MODE="yes"    -- show the mount point even when nothing is mounted; this line must be added
    # service autofs restart

4.3.2 Mounting automatically at startup with fstab
    # vim /etc/fstab
    //192.168.133.3/upload  /smbmount/upload  cifs  defaults,credentials=/root/smb.passwd  0 0
    # vim /root/smb.passwd
    username=george
    password=123456

2. Configuration examples

2.1 General configuration
    # vim /etc/samba/smb.conf
    [guodaye]                                -- share name
        comment = For all Anonymous users
        path = /samba/share                  -- the directory to share
        browseable = yes                     -- the share is visible to everyone
        writable = yes                       -- whether the shared path is writable
    [upload]
        comment = Upload
        path = /samba/upload
        guest ok = no
        browseable = yes
        writeable = yes
        valid users = u1, u2, +g1            -- users and groups allowed to access
        write list = u1                      -- users allowed to write
        read list = u2, +g1                  -- read-only users
        create mode = 0344                   -- controls the permissions of newly created files
        force create mode = 0344             -- controls the permissions of newly created files
        directory mode = 077                 -- controls the permissions of newly created directories
        force directory mode = 0777          -- controls the permissions of newly created directories
        hosts deny = all                     -- clients denied access
        hosts allow = 10.1.1.0/24 handle T 10.1.1.15/32    -- clients allowed access
    # mkdir -p /samba/share
    # chmod 1777 -R /samba/share             -- prevents anonymous users from deleting files that do not belong to them

Notes:
create mode: bitwise ANDed with the permissions being calculated; that is, only the bits set in this parameter are retained.
force create mode: bitwise ORed with the permissions being calculated; that is, every bit set in this parameter is kept in the result.
create mode is applied first, then force create mode. So if you need to specify the permissions of newly created files exactly, set these two parameters to the same value. The permissions of newly created directories are controlled in the same way by the pair directory mode and force directory mode, which behave like their file counterparts.
write list & read list: these two parameters specify which users can write and which users can only read.
Note that if a user appears in both lists, the user has write permission (inconsistent with what the man page describes).
writeable (= !read only): this parameter controls whether the shared directory can be written to. Note that even with writeable = no, a user who is listed in write list can still write.
hosts deny & hosts allow: if the two conflict, the rules in hosts allow take effect.
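
The mask and list rules from the notes above, applied to the [upload] share shown on this page. This is an added example, not part of the original article and not Samba's own code: it is a simplified model that handles only plain user names and +group entries, and its function names are made up for illustration.

```python
# Added example: simplified model of the smb.conf rules described above.
# Not Samba source code; function names are hypothetical.
# Values copied from the [upload] share on this page.
UPLOAD = {
    "writeable": True,
    "valid users": ["u1", "u2", "+g1"],
    "write list": ["u1"],
    "read list": ["u2", "+g1"],
    "create mode": 0o344, "force create mode": 0o344,
    "directory mode": 0o077, "force directory mode": 0o777,
}

def effective_mode(requested, share, directory=False):
    """AND with the (create|directory) mode first, then OR with the force value."""
    kind = "directory" if directory else "create"
    return (requested & share[kind + " mode"]) | share["force " + kind + " mode"]

def world_writable(mode):
    """True if 'other' has the write bit, i.e. any local user can modify it."""
    return bool(mode & 0o002)

def in_list(user, groups, entries):
    """Match a plain user name, or a +group entry against the user's groups."""
    return any(e == user or (e.startswith("+") and e[1:] in groups)
               for e in entries)

def access(user, groups, share):
    """Return 'denied', 'read' or 'write' for a connecting user."""
    valid = share.get("valid users", [])
    if valid and not in_list(user, groups, valid):
        return "denied"
    if in_list(user, groups, share.get("write list", [])):
        return "write"   # write list wins over read list and writeable = no
    if in_list(user, groups, share.get("read list", [])):
        return "read"
    return "write" if share["writeable"] else "read"

if __name__ == "__main__":
    # Constructed sample users: u3 is a member of g1, u4 is in no list.
    for user, groups in [("u1", set()), ("u2", set()), ("u3", {"g1"}), ("u4", set())]:
        print(user, access(user, groups, UPLOAD))
    for requested in (0o644, 0o777):
        print("file", oct(requested), "->", oct(effective_mode(requested, UPLOAD)))
    d = effective_mode(0o755, UPLOAD, directory=True)
    print("dir 0o755 ->", oct(d), "world-writable:", world_writable(d))
```

With the page's values, every new file ends up as 0344 (owner can write and execute but not read) and every new directory as 0777, whatever mode the client requests.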
