Samba is a free software that allows the Unix family of operating systems to connect to the Smb/cifsserver message Block/common Internet File System Network protocol of the Microsoft Windows operating system. In short, this software sets up a bridge between Windows and the UNIX series OS to make both resources available.
The SMB protocol is a C/S mode client that allows access to shared file systems, printers, and other resources on the server. Configuring the Samba service enables both Linux and Windows hosts in the same network to access each other's shared resources.
Samba-supplied Port 137,138,139,445
Two processes of Samba
SMBD---Listens on TCP's 139445 ports, processing the SMB packets received by the interface
NMBD---Monitor UDP's 137 138 ports to enable other hosts to browse resources on the server
Five ways to authenticate Samba
1.share Everyone can access this Samba server does not need to enter a username and password.
2.user you need to enter a valid username and password to access Samba Server authentication is the responsibility of the Samba server.
3.server is the same as user only to be responsible for authentication to another samba server specified.
4.domain responsible for authentication to a domain controller
5.ads responsible for domain controllers for authentication is a bit safer than in domain
Yum–y Install Samba installation Samba package
Service SMB Restart the shared services of samba after modification just start the service. This is the first time you start
Service NMB Restart provides the first time that the UPD protocol needs to be started
Chkconfig SMB on
Chkconfig NMB on
Turn the firewall off before the experiment.
/etc/samba Samba's main configuration directory
/etc/samba/lmhosts and local parsing files/etc/hosts the same way that sharing is not secure.
/ETC/SAMBA/SMB.CONF Master configuration file
/etc/samba/smbusers Samba Alias
Workgroup = MyGroup Name of the workgroup where the Samba server resides
Server String = Description of the Samba server the Samba version of this server is 3.5 the latest version of Samba is that 4.0 hackers can attack this samba server by looking at 4.0 of the bugs that have been modified by 3.0, but if you modify the description here, you can confuse hackers to improve security.
Smbclient is the command line logon client for the Samba server displays a list of shared resources in the specified Samba server
Shared/linux directory share named Share
User needs to enter a valid username and password to access Samba Server authentication is the responsibility of the Samba server.
Change the security level to share everyone can access this Samba server does not need to enter a username and password.
Windows access Linux share enter 192.168.1.210 in run
I can only see what's shared, but I can't get in. That's because Samba permissions don't have permission to write. This is mainly to understand the difference between user and share two authentication methods
Samba user prerequisite is that the samba user must be a local user and convert to a samba user
The SMBPASSWD command is used to maintain the user account of the Samba server
N Add Samba user account
# Smbpasswd–a User1
N Delete Samba user account
# Smbpasswd-x User1
n Disable Samba user account
# Smbpasswd–d User1
n Enable Samba user account
# SMBPASSWD-E User1
Allow User1 to have write access to/linux directory other users are read-only
Comment = All Linux annotation dropped is a description of the directory
Path =/linux Shared path
writeable = No to allow write operation no is read-only if yes on behalf of everyone can write
Write list = User1 only allows User1 permission to write to the directory A+w
The Mount-t cifs//192.168.1.210/share/opt-o username=user1 is filled with/share below/linux.
Allow users to access only in the 192.168.1.0/24 domain allow all people to browse and not allow anonymous access but add valid users will be the only User1 can access
Browseable = yes allows all people to browse
Valid users = User1 only who can read (set up users and groups that allow access to shared resources to add @)
Public = yes allows anonymous access to No and does not allow anonymous access
Hosts Deny = 192.168.1.210
Hosts allow = 192.168.1.210 two simultaneous presence allow priority
Account Mapping (alias) to avoid using Samba accounts to guess the system account
1 Enable the mapping table globally
2 Add mapping Account
3 Restart Service