Linux 7/CentOS 7 Samba Service Configuration in Detail

Source: Internet
Author: User

RHEL7 Configuring Samba: Auto-mount and multi-user mount on boot

Install Samba (the version of Samba provided by CentOS 7/Red Hat 7 is Samba 4)

Enable the service at boot

Start the service

View the listening ports (check the connection status with the netstat or ss command)

Allow the service through the firewall

Next, we look at the configuration file smb.conf

Note: when configuring any service, access permissions depend on a basic sequence of settings:

1. Configuration files: the settings in the various conf files

2. File permissions: whether the user has the corresponding rwx permissions

3. SELinux: whether the context and Boolean values are set

Samba is no exception.

The configuration file reminds you about the SELinux settings at the very beginning.

Label 1: tells us we can run testparm to check the syntax of the Samba configuration file

Label 2: the samba_enable_home_dirs Boolean allows access to users' home directories

Label 3: the samba_share_t context must be assigned to the shared files

The [global] section mainly sets the workgroup name, description, NetBIOS name, listening interface or IP, allowed domain names or network ranges, etc.

Note: hosts allow specifies the allowed IP addresses or domain names, and can be written in the following formats:

    1. Host IP: multiple IP addresses are separated by spaces, such as: 172.25.0.1 172.25.0.2

    2. Network segment: can be expressed with a mask length or a subnet mask, such as: 172.25.0.0/24 or 172.25.0.0/255.255.255.0

    3. IP subnet prefix: 172.25.0. or 172.25. matches addresses that start with 172.25.0. or 172.25.

    4. Host name or host name suffix: such as desktop.example.com or .example.com

    5. IPv6 address: 2001:DB8:0:1::/64
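
The five formats above can be checked against a client address before an ACL is deployed. The following Python code is an added example, not part of the original page and not Samba's own matching code; it is a simplified model (no EXCEPT keyword, netgroups or DNS lookups), and the function names are hypothetical.

```python
import ipaddress

def entry_matches(entry, client_ip, client_name=""):
    """True if one hosts allow entry covers the client (simplified model)."""
    addr = ipaddress.ip_address(client_ip)
    if "/" in entry:                       # formats 2 and 5: network/mask
        try:
            return addr in ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return False                   # malformed network never matches
    if entry.endswith("."):                # format 3: IP prefix with trailing dot
        return client_ip.startswith(entry)
    if entry.startswith("."):              # format 4: host name suffix
        return client_name.lower().endswith(entry.lower())
    try:                                   # format 1: single host IP
        return addr == ipaddress.ip_address(entry)
    except ValueError:                     # format 4: full host name
        return client_name.lower() == entry.lower()

def hosts_allow(value, client_ip, client_name=""):
    """Evaluate a whole hosts allow value against one client."""
    entries = value.replace(",", " ").split()
    return any(entry_matches(e, client_ip, client_name) for e in entries)

if __name__ == "__main__":
    # Constructed checks using the addresses from the list above.
    for value, ip in [("172.25.0.1 172.25.0.2", "172.25.0.2"),
                      ("172.25.0.1172.25.0.2", "172.25.0.2"),   # missing space
                      ("172.25.", "172.250.1.1")]:              # the dot matters
        print(f"{value!r:28} {ip:14} -> {hosts_allow(value, ip)}")
```

Two mistakes show up immediately: two addresses run together without a space match nothing, and a prefix without its trailing dot would no longer stop at the octet boundary.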

Log file location; local authentication uses user mode (user name based authentication)

In Samba 4 the security parameter can no longer be set to share or server; user is recommended.

In Samba 4, if you want a share that allows anonymous access, you can set map to guest = bad user

Adding map to guest = bad user to the [global] section means that all users who are not correctly identified by the Samba host are mapped to the guest user, so other hosts no longer need a user name and password to access the Samba shared directory. Also add guest ok = yes in the share definition section.
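
Because map to guest = bad user together with guest ok = yes removes the password check, it helps to list exactly which shares end up guest-accessible. The following Python code is an added example, not part of the original page or of Samba; the function names and the sample configuration are constructed for illustration, and the writable check is a simplification of how Samba resolves read only and its inverse synonyms.

```python
import configparser

TRUE = {"yes", "true", "1"}

def load_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Samba ignores case and spaces in parameter names: "Guestok" == "guest ok"
    cp.optionxform = lambda key: key.replace(" ", "").lower()
    cp.read_string(text)
    return {name.lower(): dict(cp[name]) for name in cp.sections()}

def lookup(share, global_, names, default):
    """Share-level value first, then [global], then the default."""
    for section in (share, global_):
        for name in names:
            if name in section:
                return section[name].strip().lower()
    return default

def guest_shares(text):
    """Return one finding per share that accepts guest (password-less) access."""
    conf = load_smb_conf(text)
    global_ = conf.pop("global", {})
    findings = []
    for name, share in conf.items():
        if lookup(share, global_, ("guestok", "public"), "no") not in TRUE:
            continue
        rw = lookup(share, global_, ("writable", "writeable", "writeok"), "no") in TRUE
        ro = lookup(share, global_, ("readonly",), "yes") in TRUE
        findings.append({
            "share": name,
            "map_to_guest": global_.get("maptoguest", "never").lower(),
            "writable": rw or not ro,
            "hosts_allow": lookup(share, global_, ("hostsallow", "allowhosts"), None),
        })
    return findings

# Constructed sample built from the settings described above.
SAMPLE = """
[global]
map to guest = bad user
[docs]
path = /smb/docs
Guestok = yes
[tech]
read only = no
"""
```

A finding with hosts_allow set to None means the guest share is open to every client the firewall admits; a finding with writable set to True deserves review first.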

Finally, the shared files

Example 1: Next we create a directory (for example, /common) and export it as a Samba share

Share the /common directory through SMB. The Samba server must be a member of the staff workgroup, the share name must be common, and only clients within the group3.example.com domain can access the common share (the systems in group3.example.com are in the subnet 172.24.3.0/24, and this system is in that subnet too). common must be browsable, and the user Harry must be able to read the contents of the share; if verification is required, the password is Migwhisk

    # yum install -y samba samba-client samba-common

(The smbpasswd command is in these packages.)

    # mkdir /common
    # chcon -R -t samba_share_t /common
    # setsebool -P samba_export_all_rw on
    # vim /etc/samba/smb.conf

    ; in the existing [global] section
    workgroup = Staff

    [common]
    path = /common
    browseable = yes

    # useradd harry
    # smbpasswd -a harry

(Set the password to Migwhisk.)

Note: the smbpasswd command used with Samba is provided by the samba-client package; installing it is recommended

    # systemctl start smb
    # systemctl enable smb
    # firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="172.24.3.0/24" service name="samba" accept'
    # firewall-cmd --reload

Or

Use hosts allow = 172.24.3. in the share definition in the smb.conf configuration file, so that only clients within the group3.example.com domain are allowed access.

Test access to the Samba share from a client

Windows client

Enter \\<Samba server IP> and press Enter

Enter the user name and password, then press Enter


Testing access from Linux clients

Note: SMB shares are mounted using the cifs file system

Or mount using mount.cifs

Note: the mount.cifs command is provided by the cifs-utils package

Note: the sec option selects the security mode

Note: a Linux client that mounts a Windows share (where the shared directory is on an NTFS file system) also needs the cifs-utils package installed

You can use man mount.cifs to view the manual page

Example 2: Configuring multi-user SMB mounts

On system1, share the directory /devops through SMB so that it meets the following requirements:

The share is named devops

The shared directory devops can only be used by clients in the group3.example.com domain

The shared directory devops must be browsable

The user Kenji must be able to access this share read-only, and the password is atenorth

The user Chihiro must be able to access this share with read and write permission, and the password is atenorth

This share is permanently mounted on system2.group3.example.com at the /mnt/dev directory and is authenticated as the user Kenji. Any user can temporarily obtain write permission through the user Chihiro.

Create the directory on system1 (the SMB share server)

    # mkdir /devops

Create the related users

    # useradd kenji
    # useradd chihiro

Set ACL permissions on the /devops directory

    # setfacl -m u:chihiro:rwx /devops

Set SELinux

    # chcon -R -t samba_share_t /devops
    # setsebool -P samba_export_all_rw on

Modify the configuration file

    # vim /etc/samba/smb.conf

    [devops]
    path = /devops
    browseable = yes
    write list = chihiro

Add the Samba users

    # smbpasswd -a kenji
    # smbpasswd -a chihiro

Restart the service

    # systemctl restart smb nmb

The configuration on system2 (the SMB client) is as follows:

Create the users used for testing

    # useradd lisi
    # useradd zhangsan

Create the mount point:

    # mkdir /mnt/dev

Create a password file

    # vim /root/multiuser.txt

    username=kenji
    password=atenorth

Write in fstab:

    //system1.group3.example.com/devops /mnt/dev cifs defaults,credentials=/root/multiuser.txt,multiuser,sec=ntlmssp 0 0

Note: to mount the SMB share on the client with the credentials parameter (which specifies the authentication credentials file), the cifs-utils package must be installed.

Or write in fstab:

    //system1.group3.example.com/devops /mnt/dev cifs defaults,username=kenji,password=atenorth,multiuser,sec=ntlmssp 0 0

    # mount -a

Run df -hT to verify the mount

    # su - lisi

As you can see, the client user Lisi does not have any permissions. For Lisi to access the shared directory read-only, run the following command to authenticate as the server user Kenji

    # cifscreds add system1 -u kenji

The client user Lisi can now read, but still cannot perform write operations.

How can the client user Zhangsan write to the shared directory?

The method is to run the following commands to authenticate as the server user Chihiro

    # su - zhangsan
    # cifscreds add system1 -u chihiro

Note: cifscreds is a tool for managing the authentication credentials (user name and password) of the per-user sessions on a multiuser mount
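
The two fstab variants in this example differ in where the password for Kenji ends up: /etc/fstab is world-readable, while a credentials file can be restricted to root. The following Python code is an added example, not part of the original page; the function name and finding labels are hypothetical, and the sample lines are constructed from the two variants above.

```python
import os
import stat

def audit_cifs_fstab(fstab_text):
    """Return (mount point, finding) pairs for the cifs entries in fstab text."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        if fields[2] != "cifs":
            continue
        mount_point = fields[1]
        # "key=value" or bare "key" options, comma separated
        opts = dict(opt.partition("=")[::2] for opt in fields[3].split(","))
        if "password" in opts or "pass" in opts:
            # /etc/fstab is world-readable, so every local user sees this
            findings.append((mount_point, "inline-password"))
        cred = opts.get("credentials") or opts.get("cred")
        if cred:
            try:
                mode = os.stat(cred).st_mode
            except OSError:
                findings.append((mount_point, "credentials-file-not-accessible"))
            else:
                # any group or other permission bit exposes the password
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append((mount_point, "credentials-file-too-open"))
    return findings

# Constructed sample: the two fstab variants from this example.
SAMPLE = """\
//system1.group3.example.com/devops /mnt/dev cifs defaults,credentials=/root/multiuser.txt,multiuser,sec=ntlmssp 0 0
//system1.group3.example.com/devops /mnt/dev cifs defaults,username=kenji,password=atenorth,multiuser,sec=ntlmssp 0 0
"""

if __name__ == "__main__":
    for mount_point, finding in audit_cifs_fstab(SAMPLE):
        print(mount_point, finding)
```

Run as root against the real /etc/fstab contents; a credentials file created with vim under the default umask is typically mode 0644 and is reported until it is changed to 0600.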

Example 3: Requirements description

Share name    Path         Permissions
Sharedoc      /smb/docs    All personnel, including guests, can access
Rddocs        /smb/tech    Only users of a specific group are allowed read and write access

The specific group is named Rd; its current members are Alice, Jack, and Tom

Configuring the Samba server

Create the shared directories (assuming the shared files are under the /smb directory)

    # mkdir -p /smb/docs
    # mkdir -p /smb/tech

Edit the smb.conf file

Add a map to guest item in the global section

Add the following shared configuration items in the share definition section

Create the system user and group accounts

Add the users to the RD group

Create the Samba users

Modify the directory permissions

Restart the SMB service

Test access to the SMB share from a client

Taking a Windows system as an example, enter on the client: \\<Samba server IP>

The sharing window opens directly; you need to enter a user name and password when accessing the Rddocs shared directory
