"Server for NFS Configuration" (CIFS) SMB

Source: Internet
Author: User

**********************************************
NFS Server Configuration ***************
***********************************************
On Unix-like systems, exports are defined in:
/etc/exports

Example
/var/ftp/pub 192.168.0.0/24(ro,sync) "There must be no space between the client and the opening parenthesis. If there is one, the client in front is read-only and all other hosts get the permissions you specified"

One, common operation

1. Create the directory and specify the IP
mkdir /nfsshare
/nfsshare 172.25.254.161(rw) "Edit the file /etc/exports and specify the IP"
2. Client
showmount -e 172.25.254.160 "Check that the export succeeded; remember to shut down the firewall"
3.
In this way, two IPs can use the same /nfsshare directory.

[Note: the directories must be created beforehand; two are needed. The owner should be the nfsnobody user (set with chown). Whether files show up as nfsnobody or as another user depends on whether the users are the same or different.]
4. /nfsshare 172.25.254.161(rw,no_root_squash) "no_root_squash means that when root creates a file, the file belongs to root"

5. /home/student 172.25.254.161(rw,anonuid=1000,anongid=1000) "You can export the student user's home directory this way, so that the files you create naturally belong to the student user and group"

6. /home/xxx 172.25.254.161(rw,anonuid=1003,anongid=1003) "You can also specify other users, but the user will be displayed as a numeric ID if that user does not exist on your client. However, this is not safe: files can easily end up controlled by someone other than their owner, which is bad for the security of file data."
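
Added example (not part of the original page): a small Python check for the /etc/exports mistakes discussed above, namely a space between the client and its options, no_root_squash, and a read-write export to every host. The sample file, the function name lint_exports and the finding codes are assumptions made for illustration; quoted paths containing spaces are not handled.

```python
import re

# Constructed sample in /etc/exports syntax; paths and addresses are illustrative.
SAMPLE_EXPORTS = """\
/var/ftp/pub   192.168.0.0/24(ro,sync)
/nfsshare      172.25.254.161 (rw)
/nfsroot       172.25.254.161(rw,no_root_squash)
/home/student  172.25.254.161(rw,anonuid=1000,anongid=1000)
/srv/scratch   *(rw,sync)
"""

# One client token: optional host part, then optional "(options)".
CLIENT = re.compile(r"([^()]*)(?:\(([^()]*)\))?")

def lint_exports(text):
    """Return (line_number, code, detail) tuples for risky export entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            m = CLIENT.fullmatch(token)
            if m is None:
                findings.append((lineno, "malformed", token))
                continue
            host = m.group(1)
            opts = set(filter(None, (m.group(2) or "").split(",")))
            if host == "":
                # "(opts)" standing alone: the options apply to every host.
                findings.append((lineno, "space-before-paren", path))
            elif host == "*" and "rw" in opts:
                findings.append((lineno, "wildcard-rw", path))
            if "no_root_squash" in opts:
                findings.append((lineno, "no_root_squash", path))
    return findings

if __name__ == "__main__":
    for lineno, code, detail in lint_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {code}: {detail}")
```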

Two, permanently mount the NFS file system
(1) Add the corresponding line to /etc/fstab:
nfsserver:/nfsshare /mnt/nfsshare nfs defaults 0 0
(2) Client NFS mount options
rw: mount a writable file system
ro: mount a read-only file system
vers=4: attempt to mount only with the specified NFS version. The mount request fails if the server does not support this version
soft: if the NFS request times out, an error is returned after three attempts. Trades data integrity for improved client responsiveness.

Three, Kerberos authentication domain, secure NFS export
Demo:
Run the script on serverX and desktopX and join the Kerberos authentication domain:
"Attention points"
1. While the NFS server is running, each time you edit /etc/exports you should apply the changes by executing exportfs -r after saving them. You can use exportfs -v to display all exports.


***********************************
(CIFS) SMB ****************
***********************************

First, Introduction

1. The Common Internet File System (CIFS), also known as Server Message Block (SMB), is the standard file and printer sharing system for Microsoft Windows servers and clients. Samba services can be used to share Linux file systems as CIFS/SMB network file shares and to share Linux printers as CIFS/SMB printer shares.
2. It is divided into two services, smb and nmb
3. All connections are usually made over TCP/445. For backwards compatibility, UDP/137, UDP/138 and UDP/139 are also used
4. Master configuration file: /etc/samba/smb.conf

Second, common operation
1. First, download the packages
yum reinstall samba-client.x86_64 samba-common.x86_64 samba.x86_64 samba-libs.x86_64 -y
2. Create the directory you want to share and set up the appropriate user on the client
3. Add the relevant information to /etc/samba/smb.conf
[smbshare]
path = /smbshare "Location"
write list = student "Add student to the writable list"
printable = no "Whether it is printable"
public = yes "Everyone can access it"
4. View the shared directories
smbclient -L //172.25.6.11 "Anonymous view"

Three, detailed file configuration
(1) /etc/samba/smb.conf: [global] section
* workgroup: used to specify the Windows workgroup or network domain name
* hosts allow
hosts allow is a comma-, space- or tab-delimited set of hosts that are allowed to access the service. If specified in the [global] section, it applies to all services, regardless of whether an individual service has a different setting. You can specify hosts by name or by IP number. For example, allow hosts = 192.168.254 represents a network segment
(2) security
This option affects how clients respond to Samba and is one of the most important settings in the smb.conf file.
security = user [the client must log on with a valid user name and password.]
security = domain [works correctly only if the machine has been joined to an NT domain. It requires the encrypted passwords parameter to be set to yes. In this mode, Samba validates the username/password by passing it to a Windows NT primary or backup domain controller, exactly as a Windows NT server would. Note that a valid UNIX user must still exist in addition to the account on the domain controller, so that Samba has a valid UNIX account to map file access to. You must set the password server parameter to give Samba the server against which to verify the password.]
security = server [Samba will attempt validation by passing the username/password to another SMB server. You must set the password server parameter to give Samba the server against which to verify the password.]
security = ads [Samba acts as a domain member in an ADS realm. To operate in this mode, the machine running Samba needs Kerberos installed and configured, and Samba needs to be joined to the ADS realm with the net utility.]

(3) Other sections
1. [homes]
This share (enabled by default) is a special share that makes users' home directories available via CIFS. It includes browseable = no, so it will not appear as an available share until the user authenticates. The share name can be specified as homes (in this case, the Samba server converts it to the user's home directory path) or as the username.
2. [printers]
It is also enabled by default and shares the currently available printers.
3. [share]
If you want to set up other shares, place the share name in square brackets, as shown above. A share requires at least a path parameter.
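
Added example (not from the original page or the Samba project): a Python check that reads smb.conf-style text and reports shares that allow guest access (public / guest ok) or have no hosts allow restriction at share or [global] level. The sample configuration, the function names and the finding labels are assumptions made for illustration.

```python
# Constructed smb.conf text modelled on the [smbshare] example; values are illustrative.
SAMPLE_SMB_CONF = """\
[global]
    security = user

[smbshare]
    path = /smbshare
    write list = student
    public = yes

[projects]
    path = /srv/projects
    hosts allow = 172.25.254.
"""
TRUE_VALUES = {"yes", "true", "1"}
HOSTS_KEYS = ("hosts allow", "allow hosts")  # synonyms in smb.conf

def parse_smb_conf(text):
    """Parse smb.conf-style text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and extra spaces in parameter names.
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit_shares(sections):
    """Return (share, finding) pairs for guest-accessible or unrestricted shares."""
    global_restricted = any(k in sections.get("global", {}) for k in HOSTS_KEYS)
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        # "public" is a synonym for "guest ok".
        guest = params.get("guest ok", params.get("public", "no")).lower()
        if guest in TRUE_VALUES:
            findings.append((name, "guest-access"))
        if not (global_restricted or any(k in params for k in HOSTS_KEYS)):
            findings.append((name, "no-hosts-allow"))
    return findings

if __name__ == "__main__":
    print(audit_shares(parse_smb_conf(SAMPLE_SMB_CONF)))
```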

Four, detailed command operation
(1) SMB users
1. useradd
security = user requires both UNIX and Samba account information. Add users (preferably with the same name as the Samba account), or place entries in /etc/samba/smbusers (it contains some examples). If you create a Samba-only user, set the UNIX login shell to /sbin/nologin
# useradd -s /sbin/nologin wxh
2. smbpasswd
If you do not have a Samba password server, you must create authentication data on the local machine. Use smbpasswd to create a Samba account and password.
If smbpasswd is passed only a user name without any options, it will attempt to change the account password. Passing the -a option adds the account and sets the password
# smbpasswd -a hxl
New SMB password: hxl123
Retype new SMB password: hxl123
Added user hxl.
(2) Securing SMB
samba_enable_home_dirs and use_samba_home_dirs SELinux booleans
The samba_enable_home_dirs boolean allows local Linux home directories to be exported as CIFS file shares to other systems. The use_samba_home_dirs boolean, on the other hand, allows remote CIFS file shares to be mounted as local Linux home directories
# setsebool -P samba_enable_home_dirs on
samba_share_t: the type for user-defined Samba shares
# chcon -R -t samba_share_t /smbshare
or # semanage fcontext -a -t samba_share_t '/smbshare(/.*)?'
# restorecon -vvFR /smbshare
samba_export_all_ro and samba_export_all_rw: for sharing system directories
# setsebool -P samba_export_all_ro on
# setsebool -P samba_export_all_rw on
Five, access the CIFS share (four basic ways to connect to a CIFS file share)
1. Graphical access to CIFS shares
Go to "Network" and "Connect to Server". Fill in the following fields:
Server address: 172.25.254.6
Username: hxl
Password: hxl123
2. (Common) command-line, FTP-style access to CIFS shares (you can also set up anonymous logins)
# smbclient -L server6.example.com -U hxl "If it works, it asks for a password and then shows the operating system version, the names of the shared directories on the server, the protocol used and other information"
# smbclient //server6.example.com/smbshare -U hxl "Enter the password to log into the shared /smbshare directory; you can view its contents with ls"
3. Manually mount the CIFS share
# mount -o username=hxl //server6.example.com/smbshare /mnt/hxl
4. Permanently mount CIFS shares
Add the following line to /etc/fstab:
//server6.example.com/smbshare /mnt/hxl cifs credentials=/root/userpasswd 0 0
Create /root/userpasswd:
username=hxl
password=hxl123
5. Multi-user mount
Demo: (desktopX)
# yum install -y cifs-utils [Install the cifs-utils package, which contains the cifscreds command]
# mkdir /mnt/multiuser
[Build the SMB authentication file]
# echo 'username=hxl' > /root/smb-multiuser.txt
# echo 'password=hxl123' >> /root/smb-multiuser.txt
Edit /etc/fstab to permanently mount the SMB share:
//server0/smbshare /mnt/multiuser cifs credentials=/root/smb-multiuser.txt,multiuser,sec=ntlmssp 0 0
[Password required for non-root users to write data on the multi-user mount]
# su - brian
$ touch /mnt/multiuser/brian.txt
touch: cannot touch '/mnt/multiuser/brian.txt': Permission denied
$ cifscreds add server0
Password: redhat
$ echo "Multiuser" > /mnt/multiuser/brian.txt
$ cat /mnt/multiuser/brian.txt
Multiuser
$ exit
# su - rob
$ cifscreds add server0
Password: redhat
$ echo "Multiuser" > /mnt/multiuser/rob.txt
-bash: /mnt/multiuser/rob.txt: Permission denied
$ cat /mnt/multiuser/brian.txt
Multiuser

(* view) ACL permissions list


"Little Tip"
NAS (network attached storage) -> NFS (Network File System), NNFS (distributed version): shares directories (the file system already exists) | mount

SAN (storage area network) -> iSCSI (more secure): shares blocks | create a file system, then mount. Representative technology: EMC,

[Tips] With a direct fibre connection, the sd device behaves no differently from a local disk, so take care not to install the system onto it, otherwise the partition table will be erased. The starting and ending positions of the partitioned table.
Recovery method: in rescue mode, overwrite it with dd, but you must first have captured it with dd.

(Replacing the disk with an SSD can improve I/O, three times, etc.)
