RHEL7 Configuring Samba: Auto-mount and multi-user mount on boot
Install Samba (the version of Samba provided by CentOS 7/Red Hat 7 is Samba 4)
Enable the service at boot
Start the service
View listening ports (check the connection status with the netstat or ss command)
Allow the service through the firewall
Next, look at the configuration file smb.conf
Note: when configuring any service, the settings that affect access permissions follow a basic sequence:
1. Configuration files: the settings in the various conf files
2. File permissions: whether the user has the corresponding rwx permissions
3. SELinux: whether the context is set and the Boolean values are enabled
SMB is no exception.
The configuration file alerts you to the SELinux configuration at the outset.
Label 1: we can run testparm to check the syntax of the Samba configuration file
Label 2: the samba_enable_home_dirs Boolean allows access to users' home directories
Label 3: the samba_share_t context must be assigned to the shared files
The [global] section mainly sets the workgroup name, description, NetBIOS name, listening interface or IP, allowed domain names or network ranges, and so on.
Note: hosts allow specifies the allowed IP addresses or domain names, and can be written in the following formats:
Host IP: multiple IP addresses are separated by spaces, such as: 172.25.0.1 172.25.0.2
Network segment: can be expressed with a mask length or a subnet mask, such as: 172.25.0.0/24 or 172.25.0.0/255.255.255.0
IP subnet prefix: 172.25.0. or 172.25. matches addresses starting with 172.25.0. or 172.25.
Host name or host name suffix: such as desktop.example.com or .example.com
IPv6 address: 2001:DB8:0:1::/64
Log file location, and local authentication using security = user (user name mode authentication)
In Samba 4, the security parameter no longer accepts the values share and server; user is recommended.
In Samba 4, to provide a share with anonymous access, you can enable map to guest = bad user
Adding map to guest = bad user to the [global] section means that all users not correctly identified by the Samba host are mapped to the guest user, so that other hosts no longer need a user name and password to access the Samba shared directory. Also add guest ok = yes in the share definition section.
Finally, sharing files
Example 1: create a directory (for example, /common) and share it through Samba
Share the /common directory through SMB. The Samba server must be a member of the staff workgroup, the share name must be common, and only clients within the group3.example.com domain can access the common share (the systems in group3.example.com are in the subnet 172.24.3.0/24, and this system is in the same subnet). common must be browsable, and the user Harry must be able to read the contents of the share; if authentication is required, the password is Migwhisk.
# yum install -y samba samba-client samba-common    // provides the smbpasswd command
# mkdir /common
# chcon -R -t samba_share_t /common
# setsebool -P samba_export_all_rw on
# vim /etc/samba/smb.conf
workgroup = staff
[common]
path = /common
browseable = yes
# useradd harry
# smbpasswd -a harry    // set the password to Migwhisk
Note: installing samba-client is recommended to get the smbpasswd command used with Samba
# systemctl start smb
# systemctl enable smb
# firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="172.24.3.0/24" service name="samba" accept'
# firewall-cmd --reload
Or
Use hosts allow = 172.24.3. in the share definition of the smb.conf configuration file, so that only clients within the group3.example.com domain are allowed access.
Test access to the Samba share from the client
Windows client
Enter \\<Samba server IP> and press Enter
Enter the user name and password, then press Enter
Test access from a Linux client
Note: SMB shares are mounted using the CIFS file system
Or mount with mount.cifs
Note: the mount.cifs command is provided by the cifs-utils package
Note: the sec option selects the security mode
Note: a Linux client that mounts a Windows share (where the shared directory is on an NTFS file system) also needs the cifs-utils package installed
You can use man mount.cifs to view the manual page
Example 2: Configuring multi-user SMB mounts
On system1, share the directory /devops through SMB so that it meets the following requirements:
The share is named devops
The devops share can only be used by clients in the group3.example.com domain
The devops share must be browsable
The user Kenji must have read-only access to this share, and the password is Atenorth
The user Chihiro must have read and write access to this share, and the password is Atenorth
This share is permanently mounted on the /mnt/dev directory of system2.group3.example.com and is authenticated as the user Kenji. Any user can temporarily obtain write permission by authenticating as the user Chihiro.
Create a directory on system1 (the SMB server)
# mkdir /devops
Create the related users
# useradd kenji
# useradd chihiro
Set ACL permissions for the /devops directory
# setfacl -m u:chihiro:rwx /devops
Set SELinux
# chcon -R -t samba_share_t /devops
# setsebool -P samba_export_all_rw on
Modify the configuration file
# vim /etc/samba/smb.conf
[devops]
path = /devops
browseable = yes
write list = chihiro
Add the Samba users
# smbpasswd -a kenji
# smbpasswd -a chihiro
Restart the services
# systemctl restart smb nmb
The configuration on system2 (the SMB client) is as follows:
Create users for testing
# useradd lisi
# useradd zhangsan
Create the mount point:
# mkdir /mnt/dev
Create a password file
# vim /root/multiuser.txt
username=kenji
password=atenorth
Add to /etc/fstab:
//system1.group3.example.com/devops /mnt/dev cifs defaults,credentials=/root/multiuser.txt,multiuser,sec=ntlmssp 0 0
Note: to mount the SMB share on the client with the credentials parameter (which specifies the authentication credentials), install the cifs-utils package.
Or add to /etc/fstab:
//system1.group3.example.com/devops /mnt/dev cifs defaults,username=kenji,password=atenorth,multiuser,sec=ntlmssp 0 0
# mount -a
Run df -hT to verify the mount
# su - lisi
As you can see, the client user Lisi has no permissions at all. To let Lisi access the shared directory read-only, run the following command to obtain the identity of the server user Kenji:
# cifscreds add system1 -u kenji
As shown in the following:
The client user Lisi can now read but still cannot write.
How can the client user Zhangsan write to the shared directory?
The method is to run the following commands to obtain the identity of the server user Chihiro:
# su - zhangsan
# cifscreds add system1 -u chihiro
Note: cifscreds is a tool for managing the authentication credentials (user name and password) used to establish sessions on multiuser mounts
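The second /etc/fstab form in Example 2 stores the password in a file that is normally world-readable, and the credentials file only helps if it is restricted to its owner. The check below is an added example, not part of the original article; the function names audit_cifs_fstab and demo_audit, the finding labels, and the /mnt/dev2 mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag CIFS entries in an fstab-format file that expose credentials.
# Prints one finding per line; returns non-zero if anything was found.
audit_cifs_fstab() {
    fstab=$1
    findings=0
    while read -r dev mnt type opts rest; do
        case $dev in ''|'#'*) continue ;; esac      # skip blank and comment lines
        [ "$type" = cifs ] || continue
        old_ifs=$IFS; IFS=,                         # split the option list on commas
        for opt in $opts; do
            case $opt in
                password=*|pass=*)                  # readable by anyone who can read fstab
                    echo "INLINE_PASSWORD $mnt"
                    findings=$((findings + 1)) ;;
                credentials=*|cred=*)
                    file=${opt#*=}
                    mode=$(stat -c %a "$file" 2>/dev/null) || mode=missing
                    case $mode in
                        600|400) ;;                 # owner-only access is fine
                        *) echo "CRED_FILE_MODE $file $mode"
                           findings=$((findings + 1)) ;;
                    esac ;;
            esac
        done
        IFS=$old_ifs
    done < "$fstab"
    [ "$findings" -eq 0 ]
}

# Constructed sample: both fstab forms from Example 2 (the second on a made-up
# mount point /mnt/dev2), with the credentials file left at mode 644.
demo_audit() {
    tmp=$(mktemp -d)
    printf 'username=kenji\npassword=atenorth\n' > "$tmp/multiuser.txt"
    chmod 644 "$tmp/multiuser.txt"
    cat > "$tmp/fstab" <<EOF
# constructed sample, not a real /etc/fstab
//system1.group3.example.com/devops /mnt/dev cifs defaults,credentials=$tmp/multiuser.txt,multiuser,sec=ntlmssp 0 0
//system1.group3.example.com/devops /mnt/dev2 cifs defaults,username=kenji,password=atenorth,multiuser,sec=ntlmssp 0 0
EOF
    rc=0
    audit_cifs_fstab "$tmp/fstab" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo_audit || true
```

On the client, run audit_cifs_fstab /etc/fstab; after chmod 600 /root/multiuser.txt only entries with an inline password= option are still reported.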
Example 3: Requirements description
Share name    Path         Permissions
sharedoc      /smb/docs    All personnel, including guests, can access
rddocs        /smb/tech    Only users of a specific group are allowed read and write access
The specific group is named Rd and currently has three members: Alice, Jack, and Tom
Configuring the Samba server
Create the shared directories (assuming the shared files are under the /smb directory)
# mkdir -p /smb/docs
# mkdir -p /smb/tech
Edit smb.conf File
Add a map to guest item in the global section
Add the following shared configuration items in the Share definition section
Create System user and group accounts
Add the users to the RD group
Create a Samba user
Modify Directory Permissions
Restarting the SMB service
Test access to the SMB share from the client
Taking a Windows system as an example, enter on the client: \\<Samba server IP>
The sharing window opens directly; you need to enter a user name and password when accessing the rddocs shared directory