Operational records for the Samba service environment deployed under Linux

About the file transfer between Linux and Windows system, many people choose to use FTP, relatively safe, but sometimes there will be some problems, such as uploading files, file name inexplicable garbled, file size changes and other issues. By contrast, using Samba as a file share is much easier. The Samba Server communication protocol (server Messages Block) is designed to solve shared service problems with resources such as files or printers within the LAN, making it increasingly easy to share files between multiple hosts. The following is a brief introduction to the operational records of the samba services deployed under CENTOS7 (test machine 192.168.10.204):

1) Installing Samba

[Email protected] ~]# cat/etc/redhat-release CentOS Linux release 7.4.1708 (Core) [[email protected] ~]# rpm-qa|grep SA Mba[[email protected] ~]# Yum Install-y Samba

2) Security considerations, you need to set up a firewall policy (do not shut down the firewall)

Add Samba service to firewall policy [[email protected] ~]# firewall-cmd--add-service samba--permanentsuccess reboot firewall [[email protected] ~]# Firewall-cmd--reloadsuccess See if Samba services are added to the firewall: [[email protected] ~]# firewall-cmd--list-all|grep Samba  Services:ssh Dhcpv6-client Samba  Remember: Be sure to turn off selinux (otherwise it will cause Windows clients to connect to samba failure) [[email protected] ~]# vim/etc/ Sysconfig/selinux ..... Selinux=disabled[[email protected] kevin]# setenforce 0[[email protected] kevin]# Getenforce Permissive

3) Configure Samba service files

[[email protected] ~]# cp/etc/samba/smb.conf/etc/samba/smb.conf.bak[[email protected]ba-server ~]# vim/  etc/samba/smb.conf# See smb.conf.example for a further detailed config file or# read the smb.conf manpage.# Run ' Testparm ' to Verify the config is correct after# you modified it. [Global]//global Configuration workgroup = SAMBA Security = user Passdb BAC Kend = Tdbsam printing = Cups printcap name = Cups load printers = yes cups options = raw[homes] comme                                                  NT = Home Directories Valid users =%s,%d%w%s browseable = no Read only = no inherit ACLS = Yes[printers] Shared printer Configuration comment = All Printers path =/var/tmp printable =     Yes Create mask = 0600 browseable = no[print$] Comment = Printer Drivers path =/var/lib/samba/drivers                         Write list = root Create mask = 0664 Directory mask = 0775[kevin]                           This paragraph is a new addition to the content comment = Modify it all will//comment is a description of the share, can be any word                                      Character string path=/home/kevin//shared path writable = yes Whether to write public = no//whether publicly

4) Add Kevin Account (as added in configuration above)

is set to not Hyden into the system, and the user's home directory is/home/kevin (equivalent to a virtual account) Kevin Account. [Email protected] ~]# useradd-d/home/kevin-s/sbin/nologin Kevin

5) Pdbedit Command description

The Pdbedit command is used to manage the account information database for Samba services in the format: "Pdbedit [options] Account" The first time the user information is written to the database needs to use the-a parameter, in the future to modify the user password, delete the user and so on is no longer necessary. Pdbedit-l: View Samba user pdbedit-a-u User: Add Samba user Pdbedit-r-u User: Modify Samba user Information Pdbedit-x-u User: Delete Samba user's password for Samba service database Also You can use the SMBPASSWD command to manipulate smbpasswd-a User: Add a Samba subscriber smbpasswd-d users: Disable a Samba user smbpasswd-e users: Restore a Samba user smbpasswd-x us ER: Delete a samba user

6) Add Kevin as a samba user

[[email protected] ~]# ID kevinuid=1001 (Kevin) gid=1001 (Kevin) groups=1001 (Kevin) [[email protected] ~]#                       Pdbedit-a-u kevinnew Password://Set the Samba account password that Kevin uses, such as 123456retype new password:             Confirm Password Unix username:kevinnt username:account Flags: [U]user SID: S-1-5-21-33923925-2092173964-3757452328-1000primary Group Sid:s-1-5-21-33923925-2092173964-3757452328-513full         Name:home Directory: \\samba-server\kevinHomeDir drive:logon script:profile Path:          \\samba-server\kevin\profiledomain:samba-serveraccount desc:Workstations:Munged Dial: Logon Time:0logoff time:wed, 2036 23:06:39 cstkickoff time:wed, Feb 2036  23:06:39 Cstpassword Last Set:mon, Mar 2018 18:07:58 Cstpassword can Change:mon, Mar 2018 18:07:58 Cstpassword Must change:neverlast bad password  : 0Bad password Count:0logon hours:ffffffffffffffffffffffffffffffffffffffffff then modifies the home directory permissions of samba users [[email  Protected] ~]# CHOWN-RF Kevin.kevin/home/kevin

7) Start Samba services

[[email protected] ~]# systemctl start smb[[email protected] ~]# systemctl enable smbcreated symlink from/etc/ Systemd/system/multi-user.target.wants/smb.service To/usr/lib/systemd/system/smb.service.  [[email protected] ~]# systemctl restart smb[[email protected] ~]# systemctl status SMB Smb.service-samba SMB Daemon loaded:loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset:disabled) active:active (running ) since Mon 2018-03-12 18:11:20 CST;   3s ago Main pid:977 (SMBD) Status: "Smbd:ready to serve connections ..." CGroup:/system.slice/smb.service├─977/usr/sbin/smbd├─978/usr/sbin/smbd├─979/usr/sbin/ Smbd└─980/usr/sbin/smbdmar 18:11:19 Samba-server systemd[1]: Starting samba SMB Daemon ... Mar 18:11:19 samba-server systemd[1]: smb.service:Supervising process 977 which is not our child. We'll most likely not ... exits. Mar 18:11:20 samba-server smbd[977]: [2018/03/12 18:11:20.065982, 0] .. /lib/util/become_daemon.c:124 (daemon_ready) Mar 18:11:20 samba-server systemd[1]: Started Samba SMB Daemon.mar 12 18:11:20 samba-server smbd[977]: Status=daemon ' smbd ' finished starting up and OK to serve Connectionshint:some Line S were ellipsized, use-l to show on full.

8) Start Testing
Add a bit of content to the shared path/home/kevin first

[[email protected] kevin]# Touch test1 test2 test3[[email protected] kevin]# mkdir A1 A2 A3[[email protected] kevin]# LSA1  A2  a3  test1  test2  test3

Then windos the client for local testing. "Win+e Key" opens, enter "\\192.168.10.204" in the Top "network" address field, then enter the Samba account set above, Kevin and his password, you can share the file under/home/kevin on Linux.

Once connected, you can share your folders directly with Windows and Linux, allowing you to put some test files

If there is a network error connecting to samba on a Windows client: Windows cannot access \\192.168.10.204\kevin, the workaround is as follows:

View the context's security relationship [[email protected] ~]# semanage kevin-a-T Samba_share_t/home/kevin/-bash:semanage:command not found if the system appears above Error, stating that you do not have the Semanage command installed in your system, start installing Semanage:[[email protected] ~]# yum provides/usr/sbin/semanageloaded plugins: Fastestmirrorloading mirror speeds from cached Hostfile * base:mirror.0x.sg * epel:mirror.dmmlabs.jp * extras:mirror.0x . SG * Updates:mirror.0x.sgpolicycoreutils-python-2.5-17.1.el7.x86_64:selinux policy core python utilities        // This is the installation package repo        : basematched from:filename    : [[email protected] ~]# Yum install-y Policycoreutils-python and then execute again, Do not forget to refresh context when execution is complete [[email protected] ~]# semanage fcontext-a-t samba_share_t/home/kevin[[email protected] ~]# Restoreco N-rv/home/kevin allow SELinux to restart Samba[[email protected] ~]# systemctl restart SMB for SMB user share home directory

Operational records for the Samba service environment deployed under Linux