Installation and configuration of samba under Linux

Background
Under the window7 virtual a CentOS6.3, in order to learn the command line there is no graphics package, so my centos is the kind of black screen, hehe, of course, VMware provides enhanced features I can not use (perhaps, I do not know how to set?) ), just to take this opportunity to force themselves to learn from Samba, said "forced" is not exaggerated, I from 6 o'clock in the afternoon yesterday to 8 o'clock now have not slept, of course, do not sleep and other reasons. Here are my results of the night, written to show you.
First, Introduction
Samba is a suite of tools that implement SMB (Server Message Block) on Unix. SMB is typically used by Windows for sharing, including files and printers. UNIX-mounted SMB enables UNIX to connect with Windows to achieve interoperability between the two.
Second, installation
$rpm-qa | grep Samba
$yum Install Samba,samba-client
Iii. Common Commands
1.service SMB Status #查看smd服务的状态
2.service SMB Start #运行smb服务
3.service SMB Stop #停止服务
4.service SMB Restart #重启服务, but in practice it is not generally used
5.service SMB Reload #重载服务, more commonly used in practice, without stopping the service
6.pstree | grep SMB
Iv. Configuration
4.1. Basic Configuration
The main configuration file for Samba is placed under the/etc/samba/smb.conf folder. The file can be divided into two parts, the first part is the global configuration, the second part is the local configuration. Here is a configuration file and related comments:
[Global] #全局配置, the configuration file is segmented in [segname], except that all segments are affected by the global influence
Workgroup = MyGroup #samba的工作组
Server string = Samba server Version%v #samba的说明信息
NetBIOS name =aric #简单的说就是计算机名称
Log file =/var/log/samba/%m.log #日志文件存放位置
Max log size = Ten #日志文件大小, in M
Security = Share #安全选项, can be share,user,server,domain safety level increment
Encrypt passwords = yes #密码是否加密
SMB passwd file =/etc/samba/smbpasswd #密码文件存放位置
Username map =/etc/samba/smbusers #用户文件存放位置
[Share] #局部配置, [] inside is the paragraph name, that is, our share name
Comment = This is my shared folder. #该共享的说明
Path =/home/share #共享路径
writeable = yes #共享文件夹是否可写
browseable = yes #是否可浏览
Guest OK = yes #跟public一样, whether guest user is allowed
Create mode =0664 #创建文件权限定制
Directory mode=0775 #创建文件夹权限
Valid users= allow access to this shared user
Invalid usrs= forbidden user, Root, @group, @ = Group
Admin users= the shared manager
Write list= User
Display Charset=utf-8
Unix Charset=utf-8
Dos Charset=utf-8 #这三个是避免乱码的, dispaly is the code that displays the directory, and the other two correspond to the name. If DOS is Zh_CN.GB2312.GBK. Then 3 are all set to cp936
4.2 Detailed explanations in the configuration file
4.2.1 The security level of samba
Under Linux, Samba has four security levels, share, User, Server, Domain, and their security levels are low to high and are specified in the configuration file by the security parameter. The share level refers to the user does not need the account and password to log on to the server, the user level is the Samba server default security level, refers to the server is responsible for checking the account and password of the login, server level refers to the account and password check by another samba or Windows Server is responsible for The domain level refers to the account and password to be checked by a Windows nt/2000 server. When configuring a Samba server, users can configure them according to the different security levels required
How to store the 4.2.2 Samba password
Passdb backend = Tdbsam | Passdb | smbpasswd
Backend is the user background. There are three kinds of backstage: smbpasswd, Tdbsam and Ldapsam. Sam is security account manager.
(1). SMBPASSWD: This method uses the SMB tool SMBPASSWD to set a samba password to the system user (real user or virtual user) and the client accesses the Samba resource with this password. In other words, the creation of Yonghe in this way can be virtual, that is, the Linux system does not exist in the user can also. SMBPASSWD is stored in/etc/samba, and sometimes it needs to be created manually.
(2). Tdbsam: Create a user database with a database file. The database file is called Passdb.tdb, in/etc/samba. The PASSDB.TDB user database can use Smbpasswd–a to create Samba users, and Samba users to create must first be system users. You can also use Pdbedit to create a samba account. Pdbedit a number of parameters, listed several main:
Pdbedit–a Username: A new Samba account must first exist for this system user
Pdbedit–x Username: Delete Samba account.
Pdbedit–l: Lists the list of Samba users and reads the PASSDB.TDB database file.
PDBEDIT–LV: Lists the Samba user list details.
Pdbedit–c "[D]" –u Username: suspend the Samba user account.
Pdbedit–c "[]" –u username: Restore the Samba user account.
Generally called commonly used usage is:
$useradd user1
$SMBPASSWD-A User1 #这里可以改为pdbedit-a User1
$ Enter the shared password for User1
$ confirm User1 's shared password
(3). Ldapsam: Authenticates the user based on the LDAP account management method. The first thing to do is to set up an LDAP service, setting "Passdb backend = Ldapsam:ldap://ldap Server" I'm not sure, so I won't say it.

4.3. User mapping
Since we must have the same name as the system user when creating the samba user, which means it is unsafe (and of course some people would like to see it), however, Samba has solved this problem by providing a user mapping, which is in/etc/samba/smbusers,
Root=administrator
Nobody=guest Pcguest
Test=prefer
This is OK, the money two lines is to facilitate the use of Windows users, the last line is to cover the user information, that is, for security.

4.4. Common sharing
[Homes] sharing defaults to sharing the user's home directory, which is not secure, so we have to annotate it, and of course [Netlogon]

Five, frequently asked questions
5.1. Prompt does not have permission to access
The premise is that we will security=share, that is, do not require account password, so still cannot access, always said no access. Here are a few reasons:
5.1.1 Firewall Issues
The port used by Samba does not have an exception in the firewall, causing the Samba service to not be available, and the workaround can be
$iptables-F #清除防火墙的规则
It is also possible to add exceptions to the ports used by Samba by using the setup, preferably with the second method, after all, the firewall must also ensure the security of the system.
(2) The problem of SELinux
This is the reason for the system itself, when we install the system, SELinux is installed, and SELinux prohibits other computers on the network from writing to the shared directory on Samba, even if the operation is allowed in smb.conf, the workaround is:
$setenforce 0
I've had a lot of trouble on this.
(3) Issues with shared folder permissions
We share the path itself is not the right permissions, that is, we are in the smb.conf assigned permissions are readable writable, but in the Linux file system, the shared folder is read-only, so there is a problem, we generally say that the shared folder in the Linux drop permissions are all open.
$chmod 777/share
5.2. Prompt user name or password is incorrect
When we use the security level as user, we need to enter the username and password, but the username and password are correct, but always prompt for errors. This is because we enter the user name under WinDOS, the default is in the Windows domain, two of our accounts are built on Linux, so it is not right, as long as the domain name of our Linux host is loaded in front of the line. For example Linux below the User2, we directly input user2 may not be wrong, we must put our Linux host name in front, such as
Hostname/user2
5.3.nt_status_wrong_password
When we use in Linux
$smbclient//192.168.102.133/share
Enter root ' s password: enter here
Domain=[groupname] Os=[unix] Server=[samba 3.5.10-125.el6]
Server not using the user level security and no password supplied
Tree Connect Failed:nt_status_wrong_password
Here is the configuration file
[Share]
comment= User Share
Path =/home/share
browseable = yes
writable = yes
Security = yes
Should not be wrong, but is an error ah, later only to know, a line less
Public =yes
Because Samba does not allow anonymous users to access it by default
5.4. Mount Windows shared folder, Smbmount not present, SMBFS invalid option
In a nutshell, we can mount a shared folder under Windows by right-clicking the folder under Windows, selecting the Sharing option, and then sharing it to a specific user. To Linux
$ smbmount//WINDOWSIP address/share name mount point-O option 1, option 2
But hint Smbmount does not exist, Yum can not find, in fact, Smbmount this package is too old, has been eliminated, so certainly can not find, in time found can not be used. You can use Mount instead,
Smbmount = = Mount-t Smbfs???
In fact, this is also unequal, because SMBFS also eliminated, now the Times progress too fast, hehe, smbfs that the SMB file system has been replaced by CIFS (Common Internet File system), so we want to use Mount-t CIFS instead.
Final command:
Mount-t cifs-o username=xxx password=xxx//windowsip address/share name/mnt/mount point

Six little crap.
Because this is my evening writing, the spirit may not be very good, so inevitably there are errors and shortcomings, but also hope that we point out that we progress together!

Installation and configuration of samba under Linux