Notes for Linux practice engineers: samba

Source: Internet
Author: User
Samba package usage

Packages provided by Fedora Core/Red Hat Linux

samba           server software package

samba-client    Samba client tools

samba-common    common tools and libraries



Install the rpmdb-fedora/rpmdb-redhat package (usually on the third disc).

However, this package cannot be found in FC5.

Installing rpmdb solves the dependency problem.

# rpm -ivh rpmdb-fedora*.rpm

# rpm -ivh --aid samba*.rpm    (--aid is valid only when rpmdb is installed)



1. # rpm -ivh cups-libs*.rpm    (first disc)

2. # rpm -ivh samba*.rpm    (first disc: client, common)

3. # rpm -ivh samba*.rpm    (second disc)

# rpm -qa | grep samba    list all installed samba packages

# rpm -ql samba | more    list the files in the samba package



Samba client tools

smbtree

Purpose: display the list of all hosts and shared directories on the LAN (by default, logs on as the current user)

Usage: smbtree [-b] [-D] [-U username%password]

-D: display only the workgroup names, not the hosts.

-b: query the list using broadcast instead of the WINS server.

-D and -U cannot be used together, because one user account cannot be valid on all hosts in every domain.



nmblookup

Purpose: display the NetBIOS host name of a host.

nmblookup my-server    query the server's IP address

nmblookup \*    query the IP addresses of all active hosts



smbclient

Purpose: display or log on to shared folders on the LAN

Usage: smbclient -L host

smbclient //host/share

smbclient -L 192.168.0.22 -U redhat%redhat    log on as the user redhat and display the shared directories

smbclient //192.168.0.22/linux -U redhat%redhat

Log on to the shared directory, view its contents, and transfer files with put and get.



smbtar (first edit the /usr/bin/smbtar script and delete the -N parameter, which forces anonymous login, from the last line)

Remote backup of files in Network Neighborhood

smbtar -s win2000 -u redhat -p redhat -x chinalab -t itlab.tar



Mount the shared directory on a local directory and then access it

mount.cifs //192.168.0.22/linux /mnt -o username=redhat%redhat



tar tvf lab.tar    display the files in the backup archive



Samba Server Configuration

1. Modify the configuration file /etc/samba/smb.conf.

workgroup = WORKGROUP

security = share

[docs]

path = /usr/share/doc

comment = share documents    # description of the shared directory

public = yes

2. Restart the smb server

# service smb restart

# chkconfig smb on    enable automatic startup of smb at every boot

3. Test

# smbclient -L localhost



chkconfig --list smb    view the service startup status



SMB provides the name resolution service

NMB provides the data transmission service

The two always work together



Samba File Server

(WINS) If the host list is not visible in Network Neighborhood, you can enter an address such as \\192.168.0.1 in the address bar to view the shared directories.

The host list displayed in Network Neighborhood comes mainly from three sources: first, the configuration file lmhosts, which maps names to IP addresses;

second, querying the server; third, obtaining the host list through broadcast.


Linux access to Network Neighborhood

1. Mount method
# mount -t smbfs //192.168.0.1/linux /mnt
Or # mount.cifs //192.168.0.1/linux /mnt
2. # smbclient //192.168.0.1/linux -U redhat%123

Access Control
public = yes    allow all users to access
public = no     anonymous access is not allowed
1. Set the valid users for the shared directory
[redhat]
path = /var/redhat
comment = redhat's files
valid users = <@groupname>
2. Create a samba user
# useradd username    create a system user
# smbpasswd -a username    add the user to samba
3. User account mapping
[global]
username map = /etc/samba/smbusers
4. Modify the smbusers file specified above and add the virtual user names
redhat = tom jack

You can also use the following command:

# smbadduser unixname:mapname

5. Restart the smb service so that it reads the mapping file.

Home directories (so that users can access their own home directories)
[global]

[homes]


comment = Home Directories
valid users = %S    the directory owner
browseable = no    the home directory cannot be browsed by default
writable = yes    allow writing
valid users =    list of valid users
write list =    list of users with write access
create mask = 0660    default permissions for newly created files
directory mask = 0770    default permissions for newly created directories

chown redhat /var/redhat    change the directory owner
ls -lh    display detailed information about each file in the directory
ls -ld /usr/redhat    display only the details of the directory itself

# testparm    test the correctness of the default configuration file smb.conf
# testparm /etc/samba/smb.conf my-server 192.168.0.1
Test which shared directories the given client can access on the server.

[redhat]
path = /var/redhat
comment = redhat's files
public = no
valid users = <@groupname>
write list = <@groupname>
create mask = 0660
directory mask = 0770
Note: the identity of every client access request is mapped to a login account on the server.




Samba configuration file
/etc/samba/smb.conf
[global]
workgroup = WORKGROUP    workgroup or domain name
server string = samba server    description of the server
netbios name = redhat    the samba server name
security = share/user/server    share: user verification is not required; user: user verification is required
; password server =
Must be used with security = server
log file = /var/log/samba/log.%m    %m is the NetBIOS name of the client, so logs are separated by client name
encrypt passwords = yes
Passwords are encrypted. Windows clients normally send encrypted passwords, so use yes. To use plaintext passwords without encryption, change it to no; Windows clients then need a registry change so that they send unencrypted passwords.
smb passwd file = /etc/samba/smbpasswd
The two settings above should be used together!
include = /etc/samba/smb.conf.%m    include an external configuration file, for example to define different shared resources for different client names
; interfaces = 192.168.0.0/24    the interfaces samba uses; the default is all NICs and all interfaces
; name resolve order = wins lmhosts bcast    name resolution order
; wins support = yes    act as the WINS server for clients to query
; wins server = w.x.y.z    used with WINS; requests are sent to the WINS server at w.x.y.z

/etc/samba/lmhosts file (stores the mapping between client IP addresses and names)
IP address on the left, name on the right
127.0.0.1 localhost

wins support and wins server cannot be used at the same time
wins server specifies the IP address of a WINS server, with this host acting as its client.



Samba Security Level
[global]
security =
1. share
A Windows user can access the share list without authentication.
2. user
A Windows client must supply a user name to access the list of share names, and the user account must be created on the server.
3. server
The client must supply a valid user to gain access, but authentication is performed on another server. The user account is stored on the authenticating server.
share: the user level is only effective for Windows clients. Linux clients can access the list of share names at the user level without a password. The security setting only protects the host's list of share names; access to directories is determined by the directory rules.
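
Added example (not part of the original notes): a small shell audit that flags the weak settings described so far, namely security = share, encrypt passwords = no, public/guest ok = yes on a share, and a share with no valid users line. The function names, the sample smb.conf and the finding texts are constructed for illustration; the parser assumes one key = value per line and no include files.

```shell
#!/bin/sh
# Added example: flag weak smb.conf settings described in these notes.
# Simplified parser: one "key = value" per line, no includes.

audit_smbconf() {
    awk '
    function norm(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return tolower(s) }
    function report() {          # called when a share section ends
        if (sec != "" && sec != "global" && !has_valid)
            print sec ": no valid users restriction"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]*\[.*\]/ {                          # section header, e.g. [docs]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(sec); has_valid = 0; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = norm(substr($0, 1, eq - 1)); val = norm(substr($0, eq + 1))
        if (key == "valid users") has_valid = 1
        if (sec == "global" && key == "security" && val == "share")
            print "global: security = share (no user authentication)"
        if (sec == "global" && key == "encrypt passwords" && val == "no")
            print "global: encrypt passwords = no (plaintext passwords)"
        if (sec != "global" && (key == "public" || key == "guest ok") && val == "yes")
            print sec ": " key " = yes (guest access allowed)"
    }
    END { report() }' "$1"
}

write_sample() {    # constructed smb.conf modelled on the first config above
    cat > "$1" <<'EOF'
[global]
    workgroup = WORKGROUP
    security = share
    encrypt passwords = no
[docs]
    path = /usr/share/doc
    public = yes
[redhat]
    path = /var/redhat
    public = no
    valid users = @sales
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_smbconf "$tmp"
rm -f "$tmp"
```

Run it against a copy of /etc/samba/smb.conf with audit_smbconf /path/to/copy; no output means none of the four conditions was found.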

# hostname    view the host name
# nmblookup my-server    query the host's IP address (related to the samba netbios name)
# man smb.conf
vi search tips:
/%m    type "/" before the string to search for
/redhat    search for the string "redhat"
Shift+G    jump to the end of the file

The default server name is the same as the first part of the machine's DNS name.
For example, for Fedora.cyrich.com, the samba server name is Fedora.

Access Control
I. Global control
[global]
hosts deny = ALL
hosts allow = 192.168.0.
II. Per-share access control
[docs]
hosts deny = 192.168.0.
hosts allow = 192.168.0.1
[redhat]
hosts allow = 192.168.0.
hosts deny = 192.168.0.1    (has no effect)
hosts allow takes priority!!
For the syntax of the list after hosts allow/hosts deny, see man 5 hosts_access:
1. A pattern beginning with ".", for example .edu.cn
2. A pattern ending with ".", for example 192.168.0.
3. 192.168.0.0/255.255.255.0
192.168.0.0/24
4. ALL, LOCAL, UNKNOWN (DNS name cannot be resolved)
5. A file name, which begins with /
6. hosts allow = 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.1
Allow access from hosts in the 192.168.0 network segment, except 192.168.0.1
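
The precedence rule above (hosts allow wins over hosts deny), worked through for the share settings shown in this section, as an added example that is not part of the original notes. It is a simplified model of one allow/deny pair: the function names and client addresses are constructed, and the netmask, host name and file forms of the list are not handled.

```shell
#!/bin/sh
# Added example: simplified model of how one "hosts allow" / "hosts deny"
# pair is combined. Handles only ALL, a full IP address, a trailing-dot
# prefix such as 192.168.0., and EXCEPT.

# in_list IP LIST: succeeds if IP matches LIST; entries after EXCEPT exclude
in_list() {
    ip=$1; hit=1; except=0
    for entry in $2; do
        if [ "$entry" = "EXCEPT" ]; then except=1; continue; fi
        case "$entry" in
            ALL) m=0 ;;
            *.)  case "$ip" in "$entry"*) m=0 ;; *) m=1 ;; esac ;;
            *)   if [ "$ip" = "$entry" ]; then m=0; else m=1; fi ;;
        esac
        if [ "$m" -ne 0 ]; then continue; fi
        if [ "$except" -eq 1 ]; then return 1; fi
        hit=0
    done
    return "$hit"
}

# host_allowed IP ALLOW DENY: prints "allow" or "deny"
host_allowed() {
    if [ -n "$2" ] && in_list "$1" "$2"; then echo allow; return 0; fi
    if [ -n "$3" ] && in_list "$1" "$3"; then echo deny; return 0; fi
    # An allow list alone refuses every host it does not name.
    if [ -n "$2" ] && [ -z "$3" ]; then echo deny; return 0; fi
    echo allow
}

# The per-share cases from the notes above, for two constructed clients.
for h in 192.168.0.1 192.168.0.5; do
    echo "$h [docs]   $(host_allowed "$h" '192.168.0.1' '192.168.0.')"
    echo "$h [redhat] $(host_allowed "$h" '192.168.0.' '192.168.0.1')"
    echo "$h EXCEPT   $(host_allowed "$h" '192.168.0. EXCEPT 192.168.0.1' '')"
done
```

To shut 192.168.0.1 out of a share, put the exclusion in the allow list with EXCEPT; a hosts deny entry for an address that hosts allow already matches does nothing.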

TIPS:
# tail /etc/samba/smb.conf
Display the last 10 lines of the file




Application Cases
Requirements:
1. All employees can work anywhere in the company, but no matter which computer they work on, they must save their file data on the samba file server.
2. The marketing department and the technical department each have their own directory. People in the same department share that directory. People in other departments can only access their own home directories on the server.
3. No user is allowed to use a shell on the server.
Analysis:
1. samba is used as the file server, with accounts and directories created for all users. By default, each user has a home directory on the server, which is visible only after authentication.
2. Create separate sales and tech groups for the marketing department and the technical department, allocate directories, add all marketing department employees to the sales group and all technical department employees to the tech group, and share the sales and tech directories through samba.
3. No shell is assigned when a user account is created.
Case implementation:
1. Create accounts and directories for all users without assigning a shell. Assume that the marketing department has tom and jack, the technical department has red and blue, and there are also the general manager (ceo) and finance.
2. Create the sales and tech groups, add all marketing department employees to the sales group and all technical department employees to the tech group.
3. Create the two directories /home/sales and /home/tech, and change their permissions so that they belong to the sales group and the tech group respectively.
4. Share /home/sales and /home/tech through samba
5. Test
If any error occurs, check
/etc/samba/smbpasswd    check the accounts
/etc/samba/smbusers    view the mapping file
tail /var/log/samba/redhat.log    view the logs in the /var/log/samba/ directory

Specific operations:
# vi /etc/samba/smb.conf    set the security level to user
# groupadd sales
# groupadd tech
# useradd -G sales -s /bin/false tom
# useradd -G sales -s /bin/false jack
# smbpasswd -a tom
# smbpasswd -a jack
# for user in red blue
> do
> useradd -G tech -s /bin/false "$user"
> smbpasswd -a "$user"
> done

# useradd -s /bin/false ceo
# useradd -s /bin/false finance
# smbpasswd -a ceo
# smbpasswd -a finance
# mkdir /home/sales /home/tech
# chgrp sales /home/sales
# chgrp tech /home/tech
# chmod 770 /home/sales
# chmod 770 /home/tech
# chmod g+s /home/sales    prevent permission confusion
# chmod g+s /home/tech
# vi /etc/samba/smb.conf
[sales]
path = /home/sales
comment = sales
public = no
valid users = @sales
write list = @sales
create mask = 0770
directory mask = 0770
[tech]
path = /home/tech
comment = tech
public = no
valid users = @tech
write list = @tech
create mask = 0770
directory mask = 0770

Linux testing
1. smbclient -L 192.168.0.22 -U tom%tom
2. mount.cifs //192.168.0.22/ceo /mnt -o username=ceo%ceo
On Windows clients, map a network drive and then set the "My Documents" location to it, so that files are stored on the samba server at any time, from anywhere.