Linux Samba Basic NFS Base

Source: Internet
Author: User


Check the following on both virtual machines:


1. Whether yum is available

2. Whether the firewall default zone has been changed to trusted

3. Whether the IP address is configured



####################################################


Samba file sharing (shared folders)


The Samba software project

– Purpose: provide shared folders for clients

– Protocols: SMB (TCP 139), CIFS (TCP 445)


Required package: samba

System service: smb




Building a basic Samba service

1. Install the samba package

2. Create the Samba share accounts. Each uses the same user name as a system account, but a different password


# useradd -s /sbin/nologin harry

# useradd -s /sbin/nologin kenji

# useradd -s /sbin/nologin chihiro


# pdbedit -a harry    # add a Samba account and set its password

# pdbedit -a kenji    # add a Samba account and set its password

# pdbedit -a chihiro  # add a Samba account and set its password


# pdbedit -L          # list all valid Samba accounts


3. Modify the service configuration file /etc/samba/smb.conf

Tip: in Vim last-line mode, :set nu shows line numbers


Line 89: workgroup = STAFF

Line 321: [common]         # share name

Line 322: path = /common   # actual path of the share


# mkdir /common

# echo haha > /common/abc.txt


4. Restart the smb service and enable it at boot


On virtual machine desktop0

Required package: samba-client


# smbclient -L //172.25.0.11

Enter root's password:


# smbclient -U harry //172.25.0.11/common

Enter harry's password:

Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

NT_STATUS_ACCESS_DENIED listing \*


Troubleshooting checklist for client access to server-side resources:

1. Is the firewall restricting access

2. Access control of the service itself

3. Is SELinux restricting access


SELinux: booleans (on/off switches for individual functions)


getsebool: view SELinux booleans

# getsebool -a | grep samba

samba_export_all_ro --> off

samba_export_all_rw --> off


setsebool: set an SELinux boolean

– The -P option is required to make the setting permanent

# setsebool samba_export_all_ro=on

# getsebool -a | grep samba


On virtual machine desktop0

# smbclient -U harry //172.25.0.11/common

Enter harry's password:

Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls


Required package: cifs-utils


_netdev: mount the device only after the network service has started


1. Install the cifs-utils package

2. Modify /etc/fstab


//172.25.0.11/common /mnt/samba cifs user=harry,pass=123,_netdev 0 0


3. Verify with mount -a

# df -h




########################################################

Read-write Samba share


1. Modify the configuration file /etc/samba/smb.conf


[devops]

path = /devops

write list = chihiro


# mkdir /devops

# echo hahaxixi > /devops/123.txt

2. Restart the smb service

3. Client verification:

# smbclient -L 172.25.0.11

Enter root's password:


4. Client mount verification

# mkdir /mnt/dev

# vim /etc/fstab

//172.25.0.11/devops /mnt/dev cifs user=chihiro,pass=123,_netdev 0 0

# mount -a

# df -h
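
Added example, not part of the original notes: a small check for the CIFS fstab entries used above. /etc/fstab is normally world-readable, so pass= there exposes the Samba password to every local user; mount.cifs also accepts credentials=<file>. The function names and the /root/.smbcred path are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original notes.
# /etc/fstab is normally world-readable, so a CIFS entry with pass=... exposes
# the Samba account's password to every local user.

# audit_cifs_fstab: reads fstab-format text on stdin.
#   Prints "INLINE_PASSWORD <mountpoint> user=<name>" per offending CIFS entry.
#   Exit status: 1 if any entry was flagged, 0 otherwise.
#   The body is a subshell, so set -f and IFS changes do not leak to the caller.
audit_cifs_fstab() (
    set -f                                  # no globbing while splitting options
    found=0
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac          # blank line or comment
        case $fstype in cifs|CIFS) ;; *) continue ;; esac
        user='?'
        hit=0
        IFS=,
        for opt in $opts; do
            case $opt in
                user=*|username=*) user=${opt#*=} ;;
                pass=*|password=*) hit=1 ;;
            esac
        done
        unset IFS                           # back to default whitespace splitting
        if [ "$hit" -eq 1 ]; then
            echo "INLINE_PASSWORD $mnt user=$user"
            found=1
        fi
    done
    exit "$found"
)

# Constructed sample: the first two entries mirror the ones in these notes; the
# third uses credentials= with a hypothetical root-only file (chmod 600) that
# holds username=/password= lines.
sample_fstab() {
    cat <<'EOF'
//172.25.0.11/common /mnt/samba cifs user=harry,pass=123,_netdev 0 0
//172.25.0.11/devops /mnt/dev cifs user=chihiro,pass=123,_netdev 0 0
//172.25.0.11/devops /mnt/safe cifs credentials=/root/.smbcred,_netdev 0 0
172.25.0.11:/public /mnt/nfs nfs _netdev 0 0
EOF
}

sample_fstab | audit_cifs_fstab || echo "move these passwords into a credentials= file"
```

On a real client, run it as: audit_cifs_fstab < /etc/fstab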


##################################################

Further steps for read-write access to Samba shares


Troubleshooting checklist for client access to server-side resources:

1. Is the firewall restricting access

2. Access control of the service itself

3. Is SELinux restricting access

4. Local permissions on the server-side directory


I. Modify the server-side SELinux boolean to allow read/write

# getsebool -a | grep samba

# setsebool samba_export_all_rw=on

# getsebool -a | grep samba


II. Local directory permissions

# ls -ld /devops/

# setfacl -m u:chihiro:rwx /devops/

# getfacl /devops/


III. Client verification

# touch /mnt/dev/test.txt


########################################################

multiuser: multi-user access (for reference)


– multiuser: provides differentiated support for multiple user identities on the client

– sec=ntlmssp: provides NT LAN Manager security support


On the client:

# vim /etc/fstab

//172.25.0.11/devops /mnt/dev cifs user=kenji,pass=123,_netdev,multiuser,sec=ntlmssp 0 0


# umount /mnt/dev/

# mount -a

# df -h


# su - student

$ cd /mnt/dev

$ cifscreds add -u chihiro 172.25.0.11

Password:

$ ls

$ touch abc.txt

$ exit


#########################################################

Configuring NFS shares


Network File System

– Purpose: provide shared folders for clients

– Protocols: NFS (TCP/UDP 2049), RPC (TCP/UDP 111)


Required package: nfs-utils

System service: nfs-server


Building a basic read-only NFS service

1. On virtual machine server0, check whether nfs-utils is installed

# rpm -q nfs-utils


2. Modify the configuration file /etc/exports

# mkdir /public

# echo hehelele > /public/nsd.txt

# vim /etc/exports


/public 172.25.0.0/24(ro)

3. Restart the nfs-server service and enable it at boot

# systemctl restart nfs-server

# systemctl enable nfs-server


4. Access the nfs-server service from the client

# mkdir /mnt/nfs

# showmount -e 172.25.0.11

# vim /etc/fstab


172.25.0.11:/public /mnt/nfs nfs _netdev 0 0


# mount -a

# ls /mnt/nfs

#######################################################


Read-write nfs-server service


I. Read and write as the client's root user

Server side:

# mkdir /abc

# echo 123 > /abc/a.txt

# vim /etc/exports

/abc 172.25.0.0/24(rw)


# systemctl restart nfs-server


Client:

# vim /etc/fstab

172.25.0.11:/abc /mnt/nsd nfs _netdev 0 0


# mkdir /mnt/nsd

# mount -a

# df -h


Server side:

# vim /etc/exports

/abc 172.25.0.0/24(rw,no_root_squash)   # do not squash the client's root privileges


# systemctl restart nfs-server


Client:


# systemctl restart nfs   # restart the client service

# touch /mnt/nsd/5.txt



II. Ordinary users

When a client accesses the server's nfs-server service,

the server applies the permissions of its local user that has the same UID as the client user.


LDAP: network users, provides user names

Kerberos: password authentication, implements an "authenticate once, then log in many times without a password" ticket mechanism


Server side:

# lab nfskrb5 setup

# grep ldapuser0 /etc/passwd

# id ldapuser0


1. Deploy the Kerberos encryption key file (keytab)

# wget http://172.25.254.254/pub/keytabs/server0.keytab -O /etc/krb5.keytab

# ls /etc/krb5.keytab


2. Modify the configuration file

# vim /etc/exports

/abc 172.25.0.0/24(rw,no_root_squash,sec=krb5p)


3. Restart nfs-server and nfs-secure-server

# systemctl restart nfs-server nfs-secure-server




Client:

# lab nfskrb5 setup

# grep ldapuser0 /etc/passwd

# id ldapuser0


1. Deploy the Kerberos encryption key file (keytab)

# wget http://172.25.254.254/pub/keytabs/desktop0.keytab -O /etc/krb5.keytab


# ls /etc/krb5.keytab


2. Modify /etc/fstab

172.25.0.11:/abc /mnt/nsd nfs _netdev,sec=krb5p 0 0


3. Restart the nfs and nfs-secure services

# systemctl restart nfs nfs-secure


4. Verify the mount

# umount /mnt/nsd

# mount -a

# df -ah
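
Added example, not part of the original notes: a lint for /etc/exports lines like the ones above. It flags no_root_squash, writable exports without sec=krb5* (the server then trusts the UID the client presents), and the exports(5) pitfall where a space before "(opts)" applies those options to any host. The function names and finding labels are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original notes: lint exports(5)-format lines.

# audit_exports: reads exports-format text on stdin.
#   Prints "<FINDING> <path> <client>" per issue; exit status 1 if any.
#   WORLD_EXPORT   - "(opts)" standing alone after a space applies to ANY host
#   NO_ROOT_SQUASH - client root keeps UID 0 on the exported directory
#   SYS_AUTH_RW    - writable without sec=krb5*: the server trusts client UIDs
audit_exports() (
    set -f                                  # a client of "*" must not glob
    found=0
    while read -r path specs; do
        case $path in ''|'#'*) continue ;; esac         # blank line or comment
        for spec in $specs; do
            case $spec in
                \(*)  client='*';          opts=${spec#\(} ;;
                *\(*) client=${spec%%\(*}; opts=${spec#*\(} ;;
                *)    client=$spec;        opts='' ;;   # defaults: ro,root_squash
            esac
            opts=${opts%\)}
            case $spec in
                \(*) echo "WORLD_EXPORT $path $client"; found=1 ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "NO_ROOT_SQUASH $path $client"; found=1 ;;
            esac
            case ",$opts," in
                *,sec=krb5*) ;;                         # krb5, krb5i or krb5p
                *,rw,*) echo "SYS_AUTH_RW $path $client"; found=1 ;;
            esac
        done
    done
    exit "$found"
)

# Constructed sample: the export lines used in these notes, plus the same
# read-only export written with a stray space before "(ro)".
sample_exports() {
    cat <<'EOF'
/public 172.25.0.0/24(ro)
/abc 172.25.0.0/24(rw)
/abc 172.25.0.0/24(rw,no_root_squash)
/abc 172.25.0.0/24(rw,no_root_squash,sec=krb5p)
/public 172.25.0.0/24 (ro)
EOF
}

sample_exports | audit_exports || echo "review the findings above"
```

On a real server, run it as: audit_exports < /etc/exports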




