"Linux Learning note" Samba is configured on RHEL7

Source: Internet
Author: User

Samba implements the protocol known as Server Message Block (SMB) and is mainly used to share files between Linux and Windows.

I. Basic configuration options

The main configuration file is /etc/samba/smb.conf. It is divided into SELinux notes, global configuration, log configuration, standard service options, domain control options, and share definition options. The areas most often modified are the global options and the share definition options; the global configuration takes effect for all share definitions.

    # workgroup definition
    workgroup = WORKGROUP
    # banner shown to clients; %v expands to the Samba version number
    server string = Samba Server Version %v

In day-to-day administration, the server string option can be changed so that the server does not reveal its version.

hosts allow defines the hosts that are allowed to access the share. It can be written in the following formats:

    .example.com              (all hosts whose names end in example.com)
    172.16.0.0/16
    172.16.0.0/255.255.0.0
    172.16.

The last three forms have the same meaning: each defines one network segment. Multiple network segments can be separated by spaces.

hosts deny defines the hosts that are denied access to the share. If only hosts deny is set, every network segment other than the denied ones can access the share normally. For example:

    hosts deny = 192.168.1.0/24
    hosts allow = 192.168.1.1

This denies access from the 192.168.1.0/24 network segment but allows the host 192.168.1.1 and 172.16.0.0. The default is allow, so other networks are treated as allowed.

Log information configuration

    # by default one log is kept per client; %m (the machine name) defines the log file name
    log file = /var/log/samba/log.%m
    # log rotation threshold; the default unit is KB
    max log size = 50

Share definition format

    # share name
    [public]
    # description of this share
    comment = Description
    # shared folder
    path = /path/to/share
    # yes | no; not writable by default, choose yes to turn on writing
    writable = yes
    # users allowed to access the share; @ gives access to a user group; by default all users are allowed
    valid users = user1 @group
    # yes | no; whether the share can be browsed; if yes, it is visible to all users
    browseable = yes
    # yes | no; whether anonymous access is allowed; the default is no; enabling it is dangerous and not recommended
    public = no
    # equivalent to writable = yes
    read only = no
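An added example (not part of the original note): a small shell audit for the smb.conf points made in this section, namely a server string that exposes %v, shares with public = yes, and shares without valid users or hosts allow. The function names audit_smb_conf and write_sample_conf and the sample configuration are constructed for illustration.

```shell
# audit_smb_conf FILE: print one finding per line (hypothetical helper).
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        # [global], [homes] and [printers] are special sections, not ordinary shares
        if (sec == "" || sec == "global" || sec == "homes" || sec == "printers") return
        if (guest) print sec ": anonymous access enabled (public = yes)"
        if (!users) print sec ": no valid users restriction"
        if (!hosts && !ghosts) print sec ": no hosts allow restriction"
    }
    /^[ \t]*([#;]|$)/ { next }            # skip comments and blank lines
    /^[ \t]*\[/ {                         # section header: close the previous one
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(trim(sec)); guest = users = hosts = 0
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        if (sec == "global" && key == "serverstring" && index(val, "%v"))
            print "global: server string discloses the Samba version (%v)"
        if (key == "public" || key == "guestok") guest = (tolower(val) ~ /^(yes|true|1)$/)
        if (key == "validusers" && val != "") users = 1
        if (key == "hostsallow" && val != "") { if (sec == "global") ghosts = 1; else hosts = 1 }
    }
    END { report() }
    ' "$1"
}

# Constructed sample configuration, not taken from a real server.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
    workgroup = WORKGROUP
    server string = Samba Server Version %v
[public]
    path = /path/to/share
    public = yes
[rhce]
    path = /mnt/smb
    valid users = tom bob
    hosts allow = 10.1.0.0/16
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" && audit_smb_conf "$tmp"; rm -f "$tmp"
```

On the sample, the [public] share is reported three times and the [rhce] share, which restricts both users and hosts, is not reported.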

II. Basic configuration of Samba

The packages used are samba and cifs-utils. First install the required packages, enable the services at boot, and open the firewall. There are two terminals: 10.1.17.221 (server) and 10.1.17.249 (client).

    # yum install -y samba cifs-utils
    # systemctl enable smb
    # systemctl enable nmb
    # systemctl start smb
    # systemctl start nmb
    # firewall-cmd --permanent --add-service=samba
    # firewall-cmd --reload

Edit the main Samba configuration file with vim /etc/samba/smb.conf and create a new share named rhce. The users allowed to access it are tom and bob, only tom is allowed to write, and access is allowed only from the 10.1.0.0/16 network segment.

    [rhce]
    comment = share for it
    path = /mnt/smb
    valid users = tom bob
    write list = tom
    hosts allow = 10.1.0.0/16

Use the testparm command to check the smb.conf configuration file syntax

    # testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    params.c:Parameter() - Ignoring badly formed line in configuration file: setsebool -P samba_enable_home_dirs on
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[rhce]"
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions

    [global]
        netbios name = server. REDHAT. sun
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        idmap config * : backend = tdb
        cups options = raw

    [homes]
        comment = Home Directories
        read only = No
        browseable = No

    [printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

    [rhce]
        comment = share for it
        path = /mnt/smb
        valid users = tom, bob
        write list = tom
        hosts allow = 10.1.0.0/16

If the syntax check passes, testparm reports that the file loaded OK. Use pdbedit -L to show the Samba users and -x to delete a user.

    # pdbedit -L
    tom:1022:
    bob:1023:

Create the shared directory and change its SELinux context

    # mkdir /mnt/smb
    # cp /etc/fstab /mnt/smb
    # ll -dZ /mnt/smb
    drwxr-xr-x. root root unconfined_u:object_r:mnt_t:s0 /mnt/smb
    # chcon -R -t samba_share_t /mnt/smb
    # ll -dZ /mnt/smb
    drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0 /mnt/smb
    # systemctl restart smb nmb

Switch to the other terminal and check that the rhce share is displayed properly

    # yum install -y samba-client
    # smbclient -L 10.1.17.221
    Enter root's password:
    Anonymous login successful
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.12]

        Sharename       Type      Comment
        ---------       ----      -------
        rhce            Disk      share for it
        IPC$            IPC       IPC Service (Samba Server Version 4.1.12)
    Anonymous login successful
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.12]

        Server               Comment
        ---------            -------
        server. REDHAT. s    Samba Server Version 4.1.12
        wh-print

        Workgroup            Master
        ---------            -------
        WORKGROUP

On the server side, the local user must already exist before the Samba user can be added properly.

smbpasswd options:

    -a  add a user
    -x  delete a user
    -d  disable a user
    -e  enable a user

Add the users tom and bob, set Samba passwords for both, add the group it, add tom and bob to it as a supplementary group, and change the group owner and permissions of the /mnt/smb directory.

    # useradd -s /sbin/nologin tom
    # useradd -s /sbin/nologin bob
    # smbpasswd -a tom
    New SMB password: redhat
    Retype new SMB password: redhat
    Added user tom
    # smbpasswd -a bob
    # groupadd it
    # gpasswd -a tom it        (add tom to the supplementary group it)
    # gpasswd -a bob it
    # chown :it /mnt/smb
    # chmod 2775 /mnt/smb

Next, look at the permissions of /mnt/smb and the attributes of the users

    # ll -d /mnt/smb
    drwxrwsr-x. 2 root it Oct 00:55 /mnt/smb
    # id bob
    uid=1023(bob) gid=1023(bob) groups=1023(bob),40002(it)
    # id tom
    uid=1022(tom) gid=1022(tom) groups=1022(tom),40002(it)
    # grep -E "^it" /etc/group
    it:x:40002:tom,bob

Using a Windows client, access \\10.1.17.221 and test as bob: the share is accessible, but bob is not authorized to create a folder in the rhce directory. Use net use /del * to delete the cached Windows connection, then log in as tom; tom can create new items in rhce normally.

Test mounting on the client

    # mount -t cifs -o username=tom //10.1.17.221/rhce /mnt
    Password for tom@//10.1.17.221/rhce:  ******
    # df -h
    Filesystem              Size  Used Avail Use% Mounted on
    /dev/mapper/rhel-root    11G  4.9G  5.4G  48% /
    devtmpfs                740M     0  740M   0% /dev
    tmpfs                   749M  140K  749M   1% /dev/shm
    tmpfs                   749M   41M  708M   6% /run
    tmpfs                   749M     0  749M   0% /sys/fs/cgroup
    /dev/sda1               197M  130M   68M  66% /boot
    /dev/mapper/rhel-home   4.9G  242M  4.7G   5% /home
    //10.1.17.221/rhce      9.8G  631M  9.2G   7% /mnt
    # cd /mnt
    # ll
    total 4
    -rw-r--r--. 1 root root 693 Oct 14  2015 fstab
    # echo "tom is here " >> tom.txt
    # ll
    total 8
    -rw-r--r--. 1 root root  693 Oct 14  2015 fstab
    -rw-r--r--. 1 1022 40002  13 Oct 14  2015 tom.txt

To mount the share automatically, edit /etc/fstab and add a line

    //10.1.17.221/rhce /mnt cifs defaults,username=tom,passwd=redhat 0 0

III. Access the share using the user name and password

The permissions of /etc/fstab are 644, readable by everyone, so a password stored there is not secure. Instead, create a separate password file and put the user name and password in it.

    # echo "username=tom" > /etc/tom.txt
    # echo "passwd=redhat" >> /etc/tom.txt
    # chmod 400 /etc/tom.txt

Modify /etc/fstab

    //10.1.17.221/rhce /mnt cifs defaults,credentials=/etc/tom.txt 0 0
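An added example (not part of the original note): a shell check for the two problems this section describes, a CIFS password written inline in a world-readable fstab and a credentials file that group or others can read. The function names audit_cifs_fstab and make_sample, the /mnt2 and /mnt3 mount points, and the sample files are constructed for illustration.

```shell
# audit_cifs_fstab FSTAB: report CIFS entries that expose a password (hypothetical helper).
audit_cifs_fstab() {
    # fstab fields: device, mount point, type, options, dump, pass
    awk '$1 !~ /^#/ && $3 == "cifs" { print $2, $4 }' "$1" |
    while read -r mnt opts; do
        case ",$opts" in
            *,pass=*|*,passwd=*|*,password=*)
                echo "$mnt: password stored inline in fstab" ;;
        esac
        cred=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^credentials=//p')
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "$mnt: credentials file $cred is missing"
        elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
            # characters 5-10 of the mode string are the group and other bits
            echo "$mnt: credentials file $cred is accessible to group or others"
        fi
    done
}

# Constructed sample: an fstab plus two credentials files inside directory $1.
make_sample() {
    printf 'username=tom\npasswd=redhat\n' > "$1/ok.cred";   chmod 400 "$1/ok.cred"
    printf 'username=tom\npasswd=redhat\n' > "$1/open.cred"; chmod 644 "$1/open.cred"
    cat > "$1/fstab" <<EOF
/dev/mapper/rhel-root / xfs defaults 0 0
//10.1.17.221/rhce /mnt cifs defaults,username=tom,passwd=redhat 0 0
//10.1.17.221/rhce /mnt2 cifs defaults,credentials=$1/ok.cred 0 0
//10.1.17.221/rhce /mnt3 cifs defaults,credentials=$1/open.cred 0 0
EOF
}

dir=$(mktemp -d) && make_sample "$dir" && audit_cifs_fstab "$dir/fstab"; rm -rf "$dir"
```

On the sample, /mnt is reported for the inline password and /mnt3 for the mode 644 credentials file; /mnt2, whose credentials file has mode 400, is not reported.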

IV. Using multiuser for multi-user encrypted access

So far there is only one fixed user: different users cannot access the share with their own passwords, and the fixed password is inconvenient to manage. RHEL7 adds a multiuser feature for multi-user access. Edit /etc/fstab and add the multiuser option; the encryption method is NTLMSSP (see man mount.cifs). The final _netdev option mounts the share only after the network service has started, which prevents the system from stalling or failing to mount because the network is not yet up.

    //10.1.17.221/rhce /mnt cifs defaults,credentials=/etc/tom.txt,multiuser,sec=ntlmssp,_netdev 0 0

Temporarily change the client's /mnt directory to 777 permissions

    # chmod 777 /mnt
    # mount -a
    # su - student            (switch to a normal user)
    $ ll /mnt
    ls: cannot access /mnt: Permission denied
    $ cifscreds add -u bob 10.1.17.221
    Password: redhat
    $ cifscreds -h            (show the usage of cifscreds)
    cifscreds: invalid option -- 'h'
    Usage:
        cifscreds add [-u username] [-d] 

This indicates that the user has acquired Tom's credentials and can write normally. That is the end of the Samba experiment.
