How Linux builds Samba services in detail

1.samba Introduction
Samba is a free software that implements the SMB protocol on Linux and UNIX systems, with server and client program components
After we learned about NFS Services, NFS, like Samba, is an implementation of file sharing in the network, but slightly different, and the NFS service does not support the Windows platform. This chapter describes the samba service as an implementation of the ability to share files between hosts of any SMB protocol, including Windows.
SMB (Server Messages block, information service blocks) is a kind of communication protocol for sharing files and printers on LAN, which provides shared services of files and printers among different computers in LAN.
The SMB protocol is a client/server protocol that allows clients to access shared file systems, printers, and other resources on the server. By setting up "NetBIOS over TCP/IP", Samba will not only share resources with local network hosts, but also share resources with computers around the world.

The 2.samba listening ports are:

TCP	UDP
139	137
445	138

The service that corresponds to the TCP port is a Samba service that provides shared access to files and print resources in the server.
The service that corresponds to the UDP port is the Nmbad service, and its role is to provide resolution based on the NetBIOS host name

3.samba Process:

Process	the corresponding protocol
Nmbd	Corresponding NetBIOS protocol
Smbd	Corresponding CIFS protocol
WINBINDD + LDAP	Corresponding Windows AD Active Directory

4.samba Users:

Number

Account	Password
It's all system users.	Samba Service own password file
/etc/passwd	Set by smbpasswd-a username command

5.samba Security Level
There are three security levels for Samba servers, namely user, server, domain

Security Level	function
User	Local-based authentication
Server	Authentication of user identities by another specified server
Domain	Authenticating by Domain control

There are four security levels supported for previous versions of Samba, respectively Share,user,server,domain
Share is used to set up anonymous access, but the current version does not support share, but it can still achieve anonymous access, but the configuration is changed.

6.samba configuration file
/etc/samba/smb.conf (master configuration file)

three major components of samba	function
"Global"	Global configuration, where the settings are valid for the entire Samba server
"Homes"	Host directory sharing settings, which are used to set the default share for Linux users, corresponding to the user's host directory. When a user accesses a shared directory with the same name as his or her user name in the server, it is automatically mapped to the user's host directory after validation
"Printers"	Printer Sharing settings

Common configuration file Parameters:

Parameters	function
Workgroup	Indicates setting the workgroup name
Server string	Represents a Samba server description
Security	Represents the set security level, which can be a value of share, user, server, domain
Passdbackend	Indicates the type of shared account file to be set, with a value of Tdbsam (TBD database file), Ldapsam (LDAP directory authentication), SMBPASSWD (compatible with older samba password files)
Comment	Represents a comment that sets the corresponding shared directory, that is, the file share name
Browseable	Indicates whether the settings share is visible
Writable	Indicates whether the settings directory is writable
Path	Represents the path to a shared directory
Guest OK	Indicates whether the shared directory is accessible to all per capita
Public	Indicates whether the setting allows anonymous user access
Write List	Represents the set of users and groups that are allowed to write, with a group that is represented by @, such as Write = root, @root
Valid users	Set the users and groups you can access, such as valid users = root, @root
Hosts Deny	Sets which host access is denied, such as hosts Deny = 192.168.209.12
Hosts allow	Set which host access is allowed, such as hosts Deny = 192.168.209.13
printable	Indicates whether the setting is a printer

Test the configuration file for syntax errors and show the configuration that is finally in effect: using the Testparm command

[[email protected] ~]# testparmLoad smb config files from /etc/samba/smb.confrlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)Processing section "[homes]"Processing section "[printers]"Processing section "[print$]"Processing section "[lan]"Loaded services file OK.Server role: ROLE_STANDALONEPress enter to see a dump of your service definitions

7.samba Access
Environment Description:

Server IP	Client IP
192.168.209.12	192.168.209.13

Interactive data access (with two access modes) to see what share resources are available on the Samba server

Smbclient-l Host-u USERNAME For example: [[email protected] ~]# smbclient-l 192.168.209.12-u lanenter SAMBA        \lan ' s password:domain=[lanzhiyong] os=[windows 6.1] Server=[samba 4.6.2] Sharename Type Comment        --------------------print$ disk Printer Drivers LAN disk LAN        ipc$ IPC IPC Service (Samba 4.6.2) Domain=[lanzhiyong] os=[windows 6.1] Server=[samba 4.6.2]            Server Comment----------------Workgroup Master--------- -------smbclient//server/share_name-u Usarename For example: [[email protected] ~]# smbclient//192.  168.209.12/lan-u lanenter Samba\lan ' s password:domain=[lanzhiyong] os=[windows 6.1] Server=[samba 4.6.2]smb: \> ls                                   .                                  D 0 Mon 6 16:10:26 2018.. D 0 Mon 6 15:53:39 2018  9999 D 0 Mon 6 16:10:22 2018 8888 D 0 Mon 6 16:10:26 2018 17811456 blocks of size 1024. 8041628 blocks AVAILABLESMB: \> quit//quit exit

 -----8. Instances (Configure user authentication sharing, which is to specify a user login password to access shared resources) if the server side and client are shutting down the firewall in order to implement the shared directory. Server-side ip:192.168.209.12 client ip:192.168.209.13 do the following on the server side:  

Install samba-* using the Yum command [[email protected] ~]# yum install-y samba-*//Map shared directory//create with LAN [[EMAIL&NBSP;PROTECTE           D] ~]# useradd-m LAN//create SMB share password for LAN users: [[[email protected] ~]# smbpasswd-a LAN New SMB password: To set the password retype new SMB password: "'//assuming that the map LAN user here is share user, then add the following to the/etc/samba/smbusers file:" [[EMAIL&NB Sp;protected] ~]# echo ' LAN = Share ' >/etc/samba/smbusers//Add the following in the global configuration: [[email protected] ~]# vim/e tc/samba/smb.conf [Global] workgroup = Samba Security = user Username map =/etc/samba/smbusers//Add This line content passdb backend = tdbsam//Create a shared directory Lanzhiyong [[email protected] ~]# mkdir/opt/lanzhiyong [[email&] Nbsp;protected] ~]# chown-r lan.lan/opt/lanzhiyong/[[email protected] ~]# LS-LD/OPT/LANZHIYONG/DRWXR-XR -X. 4 LAN LAN 30 August 6 16:10/opt/lanzhiyong/"//config share" [[email protected] ~]# cat >& Gt /etc/samba/smb.conf<<eof [lan] comment = LAN Path =/opt/lanzhiyong browseable = yes guest OK = yes writable = yes writ E list = Share public = yes [[email protected] ~]# tail-8/etc/samba/smb.conf [lan] comment = LAN PA th =/opt/lanzhiyong browseable = yes guest OK = yes writable = yes write list = share public = yes " '//Start SMB Service [[[email protected] ~]# systemctl start SMB//restart SMB service [[email protected] ~]# systemctl Res Tart SMB//reload SMB Service [[email protected] ~]# systemctl reload SMB//Set up SMB service starts with system boot [[EMAIL&NBSP;PROTECTE] D] ~]# systemctl enable SMBC "* * *//install samba-smbclient on client first [[email protected] ~]# yum install-y Sam Ba-client//See what share Resources the SAMBA server has on the client [[email protected] ~]# smbclient-l 192.168.209.12-u share Enter samba\share ' s password: ' domain=[lanzhiyong] os=[windows 6.1] Server=[samba 4.6.2] Sharename Type Comment--- ------       ----      -------print$ disk Printer Drivers LAN disk LAN ipc$ IPC IPC Serv             Ice (Samba 4.6.2) Domain=[lanzhiyong] os=[windows 6.1] Server=[samba 4.6.2] Server Comment--------- -------Workgroup Master----------------//Create the directory to which you want to mount the client [[email&nbsp ;p rotected] ~]# mkdir/opt/smb//attach the shared resource LAN of the Samba server to the client local [[email protected] ~]# mount-t cifs//192.168.209.12/ lan/opt/smb/-o username=share,password=redhat[[email protected] ~]# df-h file system capacity used available % mount point

    /dev/mapper/centos-root   17G  9.4G  7.7G   55% /    devtmpfs                 478M     0  478M    0% /dev    tmpfs                    489M     0  489M    0% /dev/shm    tmpfs                    489M  6.8M  482M    2% /run    tmpfs                    489M     0  489M    0% /sys/fs/cgroup    /dev/sda1               1014M  125M  890M   13% /boot    tmpfs                     98M     0   98M    0% /run/user/0 //192.168.209.12/lan      17G  9.4G  7.7G   55% /opt/smb   //在客户机上进行共享目录创建新文件   [[email protected] ~]# cd /opt/smb/   [[email protected] smb]# touch 8888   [[email protected] smb]# mkdir 9999   [[email protected] smb]# ls   8888  9999

    //最后到服务器端上验证：

      [[email protected] lan]# cd /opt/lanzhiyong/      [[email protected] lanzhiyong]# ls      8888  

9. Instance (Configure anonymous sharing, which is the ability to access shared resources without a password)
If the server side and the client are shutting down the firewall before the shared directory can be implemented. Server-side ip:192.168.209.12 client ip:192.168.209.13
First on server side:

    Install the Samba server using the yum command [[[email protected] ~]# yum install-y samba-*//Add the following in the global configuration: [[Email protecte D] ~]# vim/etc/samba/smb.conf [global] workgroup = Samba Security = User Map to Guest = Bad user//Add this  Line content//Create a shared directory Lanzhiyong [[email protected] ~]# mkdir/opt/lanzhiyong [[email protected] ~]# chmod-r 777/opt/lanzhiyong/[[email protected] ~]# ll-ld/opt/lanzhiyong/drwxrwxrwx. 4 LAN LAN 30 August 6 16:10/opt/lanzhiyong///configuration sharing [[email protected] ~]# cat >>/etc/samba/smb.conf <&lt ; EOF [Lanzhiyong] comment = Lanzhiyong Path =/opt/lanzhiyong browseable = yes guest OK = yes writable = yes public = Yes EOF [[email protected] ~]# tail-7/etc/samba/smb.conf [Lanzhiyong] comment = Lanzhiyong Path =/opt/lanzh Iyong browseable = yes guest OK = yes writable = yes public = yes//start SMB Service [[email protected] ~]# Systemctl star T SMB does the following on the client://install SAMBA-SMBCLI on the client firstent [[email protected] ~] #yum install-y samba-client//See what shared resources are available on the Samba server at the client [[email protected] ~] #s Mbclient-l 192.168.209.12-u ' bad User ' Enter samba\bad user ' s password:anonymous login successful Os=[windo          WS 6.1] Server=[samba 4.6.2] Sharename Type Comment--------------------print$ Disk Printer Drivers LAN disk LAN ipc$ IPC IPC Service (Samba 4.6.2) anony MOUS login successful os=[windows 6.1] Server=[samba 4.6.2] Server Comment------------- ---Workgroup Master----------------

//mount the shared resource LAN of the Samba server to the client local

  [[email protected] ~]# mount-t cifs//192.168.209.12/lanzhiyong/opt/smb/-o username=share,password=   Redhat[[email protected] ~]# df-h file system capacity used available% mount point/dev/mapper/centos-root 17G 9.4G 7.7G                    55%/devtmpfs 478M 0 478M 0%/devtmpfs 489M 0 489M 0%/dev/shmtmpfs               489M 6.8M 482M 2%/runtmpfs 489M 0 489M 0%/sys/fs/cgroup/dev/sda1      1014M 125M 890M 13%/boottmpfs 98M 0 98M 0%/run/user/0//192.168.209.12/lanzhiyong 17G 9.4G 7.7G 55%/OPT/SMB//Create a new file on a shared directory on the client [[email protected] ~]# cd/opt/smb/[[Email prot] Ected] smb]# Touch 123 [[email protected] smb]# mkdir 123123123 [[email protected] smb]# ls 123 123123 123//To Server-side authentication: [[email protected] ~]# cd/opt/lanzhiyong/[[email protected] lanzhiyong]# LS 123 1231 23123  

How Linux builds Samba services in detail