RHEL 6 Build Samba Service

Source: Internet
Author: User
Tags anonymous command line valid in domain

Samba is a free software that allows the Unix family of operating systems to connect to the Smb/cifsserver message Block/common Internet File System Network protocol of the Microsoft Windows operating system. In short, this software sets up a bridge between Windows and the UNIX series OS to make both resources available.

The SMB protocol is a C/S mode client that allows access to shared file systems, printers, and other resources on the server. Configuring the Samba service enables both Linux and Windows hosts in the same network to access each other's shared resources.

Samba-supplied Port 137,138,139,445

Two processes of Samba

SMBD---Listens on TCP's 139445 ports, processing the SMB packets received by the interface

NMBD---Monitor UDP's 137 138 ports to enable other hosts to browse resources on the server

Five ways to authenticate Samba

1.share Everyone can access this Samba server does not need to enter a username and password.

2.user you need to enter a valid username and password to access Samba Server authentication is the responsibility of the Samba server.

3.server is the same as user only to be responsible for authentication to another samba server specified.

4.domain responsible for authentication to a domain controller

5.ads responsible for domain controllers for authentication is a bit safer than in domain

Yum–y Install Samba installation Samba package

Service SMB Restart the shared services of samba after modification just start the service. This is the first time you start

Service NMB Restart provides the first time that the UPD protocol needs to be started

Chkconfig SMB on

Chkconfig NMB on

Turn the firewall off before the experiment.

/etc/samba Samba's main configuration directory

/etc/samba/lmhosts and local parsing files/etc/hosts the same way that sharing is not secure.

/ETC/SAMBA/SMB.CONF Master configuration file

/etc/samba/smbusers Samba Alias

Workgroup = MyGroup Name of the workgroup where the Samba server resides

Server String = Description of the Samba server the Samba version of this server is 3.5 the latest version of Samba is that 4.0 hackers can attack this samba server by looking at 4.0 of the bugs that have been modified by 3.0, but if you modify the description here, you can confuse hackers to improve security.

Smbclient is the command line logon client for the Samba server displays a list of shared resources in the specified Samba server

Smbclient-l//192.168.1.210-u User1

Shared/linux directory share named Share

User needs to enter a valid username and password to access Samba Server authentication is the responsibility of the Samba server.

Change the security level to share everyone can access this Samba server does not need to enter a username and password.

Not safe

Windows access Linux share enter 192.168.1.210 in run

I can only see what's shared, but I can't get in. That's because Samba permissions don't have permission to write. This is mainly to understand the difference between user and share two authentication methods

Samba user prerequisite is that the samba user must be a local user and convert to a samba user

The SMBPASSWD command is used to maintain the user account of the Samba server

N Add Samba user account

# Smbpasswd–a User1

N Delete Samba user account

# Smbpasswd-x User1

n Disable Samba user account

# Smbpasswd–d User1

n Enable Samba user account

# SMBPASSWD-E User1

Allow User1 to have write access to/linux directory other users are read-only

Comment = All Linux annotation dropped is a description of the directory

Path =/linux Shared path

writeable = No to allow write operation no is read-only if yes on behalf of everyone can write

Write list = User1 only allows User1 permission to write to the directory A+w

Client Connection

The Mount-t cifs//192.168.1.210/share/opt-o username=user1 is filled with/share below/linux.

Allow users to access only in the 192.168.1.0/24 domain allow all people to browse and not allow anonymous access but add valid users will be the only User1 can access

Browseable = yes allows all people to browse

Valid users = User1 only who can read (set up users and groups that allow access to shared resources to add @)

Public = yes allows anonymous access to No and does not allow anonymous access

Hosts Deny = 192.168.1.210

Hosts allow = 192.168.1.210 two simultaneous presence allow priority

Account Mapping (alias) to avoid using Samba accounts to guess the system account

Method:

1 Enable the mapping table globally

Username Map=/etc/samba/smbusers

2 Add mapping Account

Vim/etc/samba/smbusers

3 Restart Service

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.