ENGINEER1.3
Configure the SMB share
Samba Service Basics
Purpose: Provide a shared folder for clients
Protocol: SMB (tcp139), CIFS (tcp445)
Building a basic Samba service
Installing the Samba Package
#yum-y Install Samba
2. Create a shared account for Samba
#useradd-S/sbin/nologin/harry
#useradd-S/sbin/nologin/kenji
#useradd-S/sbin/nologin/chihiro
3. Add a Samba account, set a password
#pdbedit-a Harry
#pdbedit-a Kenji
#pdbedit-A Chihiro
#pdbedit-L #列出所有的samba帐号
4. Modify configuration files and parameters
#vim/etc/samba/smb.conf
Workgroup=staff
"Common"
Path =/common
5. Restart the service, set to start
#systemctl Restart SMB
#systemctl Enable SMB
6. Verification
On desktop:
Pack: #yum-y Install Samba-client
#smbclient-u Harry 172. 25.0.11/common
On the server:
#setsebool Samba-all-rw=om
#getsebool-A | grep Samba
--------------------------------------------------------------------------------------------------------------- -------------------------
accessing shared Folders
On desktop:
Installation: #yum-y Install Cifs-utils
Modify #vim/etc/fstab
172.25.0.11/common/mnt/samba CIFS User=harry,pass=123,-netdev 0 0
3.mount-a Verification
#df-H
--------------------------------------------------------------------------------------------------------------- ------------------------
Share read and write by Samba
Modifying a configuration file
#vim/etc/samba/smb.conf
[DevOps]
Path=/devops
Write List =chihiro
#mkdir/devops
#echo Xuexue >/devops/123.txt
3. Restart the SMB service
#systemctl Restart SMB
Client:
#smbclient-L 172.25.0.11
4. Client Mount Verification
#mkdir/mnt/dev
#vim/etc/fstab
172.25.0.11/devops/mnt/dev CIFS User=chihiro,pass=123,_netdev 0 0
#mount-A
#df-H
5. Modify the server-side SELinux boolean value, open read/write
#getsebool-A | grep Samba
#setsebool Samba-export-all-rw=on
--------------------------------------------------------------------------------------------------------------- ------------------------------
Configure NFS Sharing
NFS: Network File system
Purpose: Provide a shared folder for clients
Protocol: NFS (tcp/udp2049), RPC (tcp/udp111)
Required Packages: Nfs-utils
System Services: Nfs-server
Pack (typically default installation)
#rpm-Q Nfs-utils
2. Modify the configuration file
#vim/etc/exports
/public 172.25.0.0/25 (RO)
/protected * (rw)
#exportfs-R
3. Restart Service
#systenctl Restart Nfs-server
Accessing NFS Shared Folders
#showmount-E server address #列出有哪些NFS共享资源
#mount Server Address: Folder path mount point #手动挂载NFS共享
Boot mount configuration:/etc/fstab
--Server Address: Folder path mount point Nfs-netdev 0 0
Configuration:
#vim/etc/fstab
..
172.25.0.11:public/mnt/nfsmount NFS _netdev 0 0
#mount-A Mount
--------------------------------------------------------------------------------------------------------------- -----------------------
Secure NFS Service
Characteristics:
---combined with Ldap+kerberos technology for authentication and encryption support
---the same Kerberos domain, Authenticated users can achieve "one-time password authentication, multiple-pass authentication" of the passport mechanism
Publish Secure NFS
Steps:
Adjust the shared directory configuration to start secure NFS support
Deploying a Kerberos Key File
Start the Nfs-secure-server service
#vim/etc/exports
/protected * (rw,sec=krb5p)
Under the Server0:
#wget Http://classroom/pub/keytabs/server0.keytab-O/etc/krb5.keytab
#file/etc/krb5.keytab //Check Deployment results
Under the desktop0:
#wget Http://classroom/pub/keytabs/desktop0.keytab-O/etc/krb5.keytab
#file/etc/krb5.keytab //Check Deployment results
On the Server0:
To create a specified subdirectory:
#mkdir/protected/project
#chowm ldapuser0/protected/projrct //Give writable permission
To adjust the security control type for a shared directory:
#vim/etc/exports/public
172.25.0.0/24 (RO)/protected
172.25.0.0/24 (rw,sec=krb5p) //Specify security type
Restart the system service Nfs-server, Nfs-secure-server, set the boot start
#systemctl Restart Nfs-server nfs-secure-server
#systemctl Enable Nfs-server Nfs-secure-server
--------------------------------------------------------------------------------------------------------------- --------------------
Mount the secure NFS share on DESKTOP0/protected
To create a mount point
#mkdir/mnt/nfssecure
2. Start the system service Nfs-secure and configure boot
#systemctl Restart Nfs-secure
#systemctl Enable Nfs-secure
3. Configure boot-Mount secure NFS Sharing
#vim/etc/fstab
Server0.example.com:/public/mnt/nfsmount NFS _netdev 0 0
Server0.example.com:/protected/mnt/nfssecure NFS Sec=krb5p,_netdev 0 0
4. Verifying the Mount Configuration
#mount-A
#df-H
5. Test write access to mount points
Login to desktop0 with user Ldapuser0 via SSH, verify password (Kerberos) to get pass
# SSH [email protected]
[email protected] ' s password: //Enter password Kerberos
Access Desktop0 's mount point/mnt/nfssecure/subdirectory of project, test writable
$ touch/mnt/nfssecure/project/a.txt
$ ls-lh/mnt/nfssecure/project/a.txt
This article is from the Linux OPS blog, so be sure to keep this source http://13401400.blog.51cto.com/13391400/1979717
Linux operational ENGINEER1.3 (configuring SMB Sharing, configuring NFS sharing)