Samba takes its name from Server Message Block (SMB), the protocol it implements, and is mainly used for file sharing between Linux and Windows.
I. Basic configuration options
The main configuration file is /etc/samba/smb.conf. It is divided into these parts: SELinux, global configuration, log configuration, standalone server options, domain controller options, and share definitions. The areas most often modified are the global options and the share definitions; global settings take effect for all share definitions.

    workgroup = WORKGROUP                      // defines the workgroup
    server string = Samba Server Version %v    // defines the banner; %v expands to the Samba version number

The server string option can be changed in day-to-day administration so that the server does not reveal its own version.
hosts allow defines which hosts may access the shares. Hosts can be given in the following formats:

    .example.com              // all hosts whose names end in example.com
    172.16.0.0/16
    172.16.0.0/255.255.0.0
    172.16.

The last three forms mean the same thing and define one network segment. Multiple network segments can be separated by spaces.
hosts deny defines hosts that are denied access to the shares. If only hosts deny is set, every network segment other than the denied ones can still connect. For example:

    hosts deny = 192.168.1.0/24
    hosts allow = 192.168.1.1

This denies access from the 192.168.1.0/24 network segment but allows the host 192.168.1.1 and 172.16.0.0 (when the two lists conflict, hosts allow takes precedence). The default is allow, so other networks are treated as allowed.
Log configuration

    log file = /var/log/samba/log.%m    // by default one log is kept per machine name (%m)
    max log size = 50                   // log rotation threshold; the default unit is KB

Share definition format

    [public]                       // share name
    comment = Description          // description of this share
    path = /path/to/share          // shared folder
    writable = yes|no              // not writable by default; choose yes to turn on writing
    valid users = user1 @group     // users allowed to connect; @ selects a user group; by default all users are allowed
    browseable = yes|no            // whether browsing is allowed; if yes, all users can browse to this directory
    public = yes|no                // whether anonymous access is allowed; default is no; yes is dangerous and not recommended
    read only = no                 // equivalent to writable = yes

The // text is annotation only. In smb.conf a comment must be on its own line and start with # or ;.
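The access-control options described above (public, valid users, hosts allow) can be checked mechanically. The following is an added example, not part of the original notes: a shell function that reads an smb.conf-style file and flags shares that allow guest access, have no valid users line, or have no hosts allow restriction. The finding names and the sample configuration are constructed for illustration.

```shell
# audit_smb_shares CONF: print "<share> <finding>" for risky share settings.
audit_smb_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comment or blank line
    /^[ \t]*\[.*\]/ {                               # section header such as [rhce]
        sec = tolower(trim($0)); gsub(/^\[|\]$/, "", sec)
        if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
        next
    }
    (eq = index($0, "=")) && sec != "" {
        # Samba ignores case and whitespace in parameter names.
        # "public" is a synonym of "guest ok", "allow hosts" of "hosts allow".
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "public" || key == "guestok")
            guest[sec] = (val == "yes" || val == "true" || val == "1")
        else if (key == "validusers")
            users[sec] = (val != "")
        else if (key == "hostsallow" || key == "allowhosts")
            hosts[sec] = (val != "")
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]; if (s == "global") continue
            if (guest[s])       print s, "GUEST_ACCESS"
            else if (!users[s]) print s, "NO_VALID_USERS"
            # A hosts allow line in [global] applies to every share.
            if (!hosts[s] && !hosts["global"]) print s, "NO_HOSTS_ALLOW"
        }
    }' "$1"
}

# Constructed sample configuration (not taken from a real server).
smb_demo=$(mktemp); trap 'rm -f "$smb_demo"' EXIT
cat > "$smb_demo" <<'EOF'
[global]
    workgroup = WORKGROUP
[public]
    path = /srv/pub
    public = yes
[rhce]
    path = /mnt/smb
    valid users = tom bob
    hosts allow = 10.1.0.0/16
[scratch]
    path = /srv/scratch
    writable = yes
EOF
audit_smb_shares "$smb_demo"
```

testparm only validates syntax, so a check like this complements it rather than replacing it.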
II. Basic configuration of Samba
The packages used are samba and cifs-utils. First install the required packages, enable the services at boot, and open the firewall. Two machines are used: 10.1.17.221 (server) and 10.1.17.249 (client).

    # yum install -y samba cifs-utils
    # systemctl enable smb
    # systemctl enable nmb
    # systemctl start smb
    # systemctl start nmb
    # firewall-cmd --permanent --add-service=samba
    # firewall-cmd --reload

Edit the main Samba configuration file with vim /etc/samba/smb.conf and create a new share named rhce. The users allowed to access it are tom and bob, only tom may write, and only the 10.1.0.0/16 network segment may connect.

    [rhce]
    comment = share for it
    path = /mnt/smb
    valid users = tom bob
    write list = tom
    hosts allow = 10.1.0.0/16

Use the testparm command to check the syntax of the smb.conf configuration file.

    # testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    params.c:Parameter() - Ignoring badly formed line in configuration file: setsebool -P samba_enable_home_dirs on
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[rhce]"
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions

    [global]
        netbios name = server. REDHAT. sun
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        idmap config * : backend = tdb
        cups options = raw

    [homes]
        comment = Home Directories
        read only = No
        browseable = No

    [printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

    [rhce]
        comment = share for it
        path = /mnt/smb
        valid users = tom, bob
        write list = tom
        hosts allow = 10.1.0.0/16

The "Ignoring badly formed line" warning shows that a setsebool command was left uncommented in smb.conf. testparm skips the line, but it is a shell command and does not belong in the configuration file.
If the syntax check passes, testparm reports OK. Use pdbedit -L to list the Samba users and pdbedit -x to delete a user.

    # pdbedit -L
    tom:1022:
    bob:1023:

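Create the shared directory and change its SELinux context. A context set with chcon does not survive a filesystem relabel; a persistent rule is defined with semanage fcontext and applied with restorecon.

    # mkdir /mnt/smb
    # cp /etc/fstab /mnt/smb
    # ll -dZ /mnt/smb
    drwxr-xr-x. root root unconfined_u:object_r:mnt_t:s0 /mnt/smb
    # chcon -R -t samba_share_t /mnt/smb
    # ll -dZ /mnt/smb
    drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0 /mnt/smb
    # systemctl restart smb nmb
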
Switch to the other machine (the client) and check that the rhce share is listed.

    # yum install -y samba-client
    # smbclient -L 10.1.17.221
    Enter root's password:
    Anonymous login successful
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.12]

        Sharename       Type      Comment
        ---------       ----      -------
        rhce            Disk      share for it
        IPC$            IPC       IPC Service (Samba Server Version 4.1.12)
    Anonymous login successful
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.12]

        Server               Comment
        ---------            -------
        server. REDHAT. s    Samba Server Version 4.1.12
        wh-print

        Workgroup            Master
        ---------            -------
        WORKGROUP

A local system user must already exist on the server before it can be added as a Samba user. smbpasswd options:

    -a    add a user
    -x    delete a user
    -d    disable a user
    -e    enable a user

Add the users tom and bob, set Samba passwords for them, create the group it, add tom and bob to it as a supplementary group, and change the group owner and permissions of the /mnt/smb directory.

    # useradd -s /sbin/nologin tom
    # useradd -s /sbin/nologin bob
    # smbpasswd -a tom
    New SMB password: redhat
    Retype new SMB password: redhat
    Added user tom.
    # smbpasswd -a bob
    # groupadd it
    # gpasswd -a tom it        // add tom to the supplementary group it
    # gpasswd -a bob it
    # chown :it /mnt/smb
    # chmod 2775 /mnt/smb

Next, look at the permissions of /mnt/smb and the properties of the users.

    # ll -d /mnt/smb
    drwxrwsr-x. 2 root it Oct 00:55 /mnt/smb
    # id bob
    uid=1023(bob) gid=1023(bob) groups=1023(bob),40002(it)
    # id tom
    uid=1022(tom) gid=1022(tom) groups=1022(tom),40002(it)
    # grep -E "^it" /etc/group
    it:x:40002:tom,bob

From a Windows client, open \\10.1.17.221 and test as bob: the share is accessible, but bob is not authorized to create a folder in the rhce directory. Run net use * /del to clear the connections cached by Windows, then log in as tom; tom can create new items in rhce normally.
Test mounting the share on the client.

    # mount -t cifs -o username=tom //10.1.17.221/rhce /mnt
    Password for tom@//10.1.17.221/rhce: ******
    # df -h
    Filesystem             Size  Used Avail Use% Mounted on
    /dev/mapper/rhel-root   11G  4.9G  5.4G  48% /
    devtmpfs               740M     0  740M   0% /dev
    tmpfs                  749M  140K  749M   1% /dev/shm
    tmpfs                  749M   41M  708M   6% /run
    tmpfs                  749M     0  749M   0% /sys/fs/cgroup
    /dev/sda1              197M  130M   68M  66% /boot
    /dev/mapper/rhel-home  4.9G  242M  4.7G   5% /home
    //10.1.17.221/rhce     9.8G  631M  9.2G   7% /mnt
    # cd /mnt
    # ll
    total 4
    -rw-r--r--. 1 root root 693 Oct 14 2015 fstab
    # echo "tom is here " >> tom.txt
    # ll
    total 8
    -rw-r--r--. 1 root root  693 Oct 14 2015 fstab
    -rw-r--r--. 1 1022 40002  13 Oct 14 2015 tom.txt

To mount the share automatically, edit /etc/fstab and add a line:

    //10.1.17.221/rhce /mnt cifs defaults,username=tom,password=redhat 0 0

III. Access the share using the user name and password
/etc/fstab has mode 644 and is readable by every user, so a password stored there is not secure. Instead, create a separate password file and put the user name and password in it.

    # echo "username=tom" > /etc/tom.txt
    # echo "password=redhat" >> /etc/tom.txt
    # chmod 400 /etc/tom.txt

Modify /etc/fstab:

    //10.1.17.221/rhce /mnt cifs defaults,credentials=/etc/tom.txt 0 0

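The move from an inline password to a credentials file can be verified with a small audit. The following is an added example, not part of the original notes: a shell function that reports, for each cifs entry in an fstab file, whether a password is stored inline and whether the referenced credentials file is readable by group or others. The finding names and sample files are constructed, and stat -c assumes GNU coreutils as shipped on RHEL.

```shell
# audit_cifs_fstab FSTAB: print "<mountpoint> <finding>" for each cifs entry.
# Runs in a subshell so the IFS and globbing changes do not leak to the caller.
audit_cifs_fstab() (
    set -f
    awk '$1 !~ /^#/ && NF >= 4 && tolower($3) == "cifs" { print $2, $4 }' "$1" |
    while read -r mnt opts; do
        cred=""; status="OK"
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                pass=*|password=*|passwd=*) status="INLINE_PASSWORD" ;;
                cred=*|credentials=*)       cred=${o#*=} ;;
            esac
        done
        IFS=$old_ifs
        if [ "$status" = OK ] && [ -n "$cred" ]; then
            if [ ! -f "$cred" ]; then
                status="CRED_MISSING"
            else
                # Any group/other permission bit exposes the stored password.
                mode=$(stat -c %a "$cred")   # GNU stat, as on RHEL
                [ $(( 0$mode & 077 )) -eq 0 ] || status="CRED_MODE($mode)"
            fi
        fi
        echo "$mnt $status"
    done
)

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf 'username=tom\npassword=redhat\n' > "$demo_dir/tom.txt"; chmod 400 "$demo_dir/tom.txt"
printf 'username=bob\npassword=redhat\n' > "$demo_dir/bob.txt"; chmod 644 "$demo_dir/bob.txt"
cat > "$demo_dir/fstab" <<EOF
//10.1.17.221/rhce /mnt  cifs defaults,username=tom,password=redhat 0 0
//10.1.17.221/rhce /mnt2 cifs defaults,credentials=$demo_dir/tom.txt 0 0
//10.1.17.221/rhce /mnt3 cifs defaults,credentials=$demo_dir/bob.txt,_netdev 0 0
/dev/sda1 /boot xfs defaults 0 0
EOF
audit_cifs_fstab "$demo_dir/fstab"
```

On a real client the function would be pointed at /etc/fstab and run as root so that the credentials files can be inspected.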
IV. Using multiuser for multi-user encrypted access
So far only one fixed user is configured: different users cannot access the share with their own passwords, and the fixed password is inconvenient to manage. RHEL7 adds the multiuser feature for multi-user access. Edit /etc/fstab and add the multiuser option; the authentication method is NTLMSSP (see man mount.cifs). The final _netdev option mounts the share only after network services have started, which prevents the system from stalling or failing to mount when the network is not yet up.

    //10.1.17.221/rhce /mnt cifs defaults,credentials=/etc/tom.txt,multiuser,sec=ntlmssp,_netdev 0 0

Temporarily change the /mnt directory on the client to mode 777.

    # chmod 777 /mnt
    # mount -a
    # su - student                          // switch to a normal user
    $ ll /mnt
    ls: cannot access /mnt: Permission denied
    $ cifscreds add -u bob 10.1.17.221
    Password: redhat
    $ cifscreds -h                          // show how cifscreds is used
    cifscreds: invalid option -- 'h'
    Usage: cifscreds add [-u username] [-d]

This indicates that the user has acquired Tom's credentials and can write normally. This is the end of the Samba experiment.
"Linux study notes": configuring Samba on RHEL7