RHEL5 Configuring the Samba server for file sharing

For resource sharing between Windows hosts and Linux servers, and for access control, samba services provided by the Linux operating system can implement such a control. The Samba service provides a bridge between the different operating systems in two, enabling communication between Linux and Windows systems, and providing great convenience for a wide range of Linux enthusiasts, taking Redhat 5 as an example, Briefly explains how to build Samba services on Linux operating systems and how samba is configured.

installation of Samba servicesBy default, the Red Hat Enterprise Linux 5 installer does not have the Samba service installed, and you can use the DVD source Yum installation to be simple and easy to set up by using a search in my articles list;

Installation file Description:

samba-3.0.33-3.37.el5

 ----provide samba services (not installed by default), which mainly provides the various service programs required by the SMB server (SMBD and NMBD) Files and other SAMBA-related logrotate profiles and boot default options files, etc.

Samba-common-3.0.33-3.37.el5

----provide the common files that both the server and the client must use (the default is installed). The software provides the data that both the server and the client will use, including the SAMBA main configuration file (smb.conf), the grammar check Directive (testparm), and so on;

samba-client-3.0.33-3.37.el5

The----provides client-side tool support (which is installed by default), which provides the tools required when Linux is the client side of samba, such as the mount.cifs of the Samba file format, the Smbtree of a similar web-related tree diagram, and so on;

SYSTEM-CONFIG-SAMBA-1.2.41-5.EL5
----provides graphical interface management (default not installed);

source code Latest version,: http://www.samba.org

Yum Installation:
#yum Install Samba
#yum Install System-config-samba

Samba Services processes SMBD:SMB server processes, SMBD for SMB clients, such as Windows 9x/nt, and provides Windows NT and LAN Manager-style file and print services;
Nmbd:netbios server process, NMBD provides browsing support so that computer users with the Linux operating system can integrate into Windows networks using the NetBIOS protocol;
The port Samba service uses for the Samba service port: 137 138 139, before you configure the Samba server, you need to review the records that begin with "netbios-" in the/etc/services file, and the correct record file should look like the following if there is a # before these records or without these records, the user cannot access the shared resources on the Linux server.
#cat/etc/services | grep NetBIOS
Netbios-ns 137/tcp #NETBIOS Name Service
Netbios-ns 137/UDP
NETBIOS-DGM 138/tcp #NETBIOS Datagram Service
NETBIOS-DGM 138/UDP
NETBIOS-SSN 139/tcp #NETBIOS Session Service
NETBIOS-SSN 139/UDP
Samba service starts #service SMB start OR/ETC/INIT.D/SMB start SMB Service
#service SMB Stop OR/ETC/INIT.D/SMB stop stops the SMB service
#service SMB Restart OR/ETC/INIT.D/SMB restart Restart SMB Service
#service SMB status OR/ETC/INIT.D/SMB status check SMB service state
#ntsysv or #chkconfig –level SMB on Service SMB power-on auto-boot
Samba file structure Samba version is 3.x version, the previous version of the 2.x version is a bit different in settings, so please confirm your samba version before entering the settings. Our main introduction Here is the pre-set version of the 3.x software architecture:

/etc/samba/smb.conf	Samba's master configuration file, which consists of both global settings and shared definitions
/etc/samba/lmhosts	The corresponding NetBIOS name and IP address of host in LAN are provided; Each row in this file corresponds to a host record, preceded by the IP address of the host, followed by a space to record the IP address of the host's NetBIOS name, NetBIOS (network basic Input Output system, the basic input and export systems) is a Windows system used in the LAN communication connection of a protocol, the host through the NetBIOS name to identify, in order to be able to identify the host name, the user needs to the local area network Windows host name (NetBIOS name) and IP address of the corresponding relationship in this file, And be sure to include the Linux host itself as a samba server, such as: 127.0.0.1 localhost (do not delete this record); Typically, when you start Samba, you can automatically capture the Netbio name of the relevant IP in the network, so this file is usually not set up;
/etc/samba/smbpasswd	password file, which does not exist after the Samba service is installed and requires the SMBPASSWD command to be used to create the file; Samba services and Linux operating systems use different password files, so user accounts in the Linux operating system cannot be directly logged into the Samba server and need to create a new Samba user account password for Linux users; The first time a user uses the SMBPASSWD command to create an account for a samba service, the smbpasswd file is automatically created, the command format #smbpasswd  -a  linux user name; #smbpasswd –a user1 ( User1 has been established in the Linux system,-a after the Linux user name, need to enter a password) command completed, User1 's Samba account password was created successfully, in/etc/samba/directory, will create smbpasswd file; # The smbpasswd–d command disables the Samba account #smbpasswd –e command to enable the Samba account #smbpasswd-? command to query for more usage The latest version of the Linux system core in this file is changed to/etc/ SAMBA/PASSDB.TDB, which is stored as a database instead of being stored as text, improves security;
/etc/samba/smbusers	User file that provides a mapping of external logins to local user names; The so-called user mapping refers to the user in Windows and Linux system of different accounts mapped to a user account, when using the Samba service mapped Windows account, you can directly use Windows account access; Setting the user mapping needs to be modified in the Samba master profile smb.conf, the Global parameter "username map" controls the user mapping, which specifies a mapping file, by default, the mapping file is/etc/samba/smbusers; To edit the smb.conf file, do the following: Username map =/etc/samb/smbusers, that is, the statement's comment symbol # removed; Edit the/etc/samba/smbusers file to add the user to the file that needs to be mapped, in the form of a standalone Linux account = The list of Windows accounts to be mapped (the username in the account list needs to be separated by a space, This parameter format indicates that multiple Windows user accounts can be mapped to the same samba account); For example: #Unix_name = smb_name1 smb_name2 ... Root = Administrator Admin Nobody = Guest Pcguest smbguest
/VAR/LIB/SAMBA/PRIVATE/{PASSDB.TDB,SECRETS.TDB}	The database files that will be used when managing Samba user account/password;
/usr/share/doc/samba-< version >	This directory contains all the relevant technical manuals for Samba, and when you've installed Samba, your system already contains a fairly rich and complete samba user's manual, which you can refer to for yourself!
/USR/SBIN/{SMBD,NMBD}	Server functions, most important rights management (SMBD) and NetBIOS name Query (NMBD) two important service programs;
/usr/bin/{tdbdump,tdbtool}	Server function, after Samba 3.0, the user's account and password parameters have been converted to use the database, Samba uses the database name of TDB (Trivial database), the control of databases command: Tdbdump can view the contents of the database, Tdbtool Can enter the database operation interface to manually modify the account parameters, need to install tdb-tools software;
/usr/bin/smbstatus	Server function, you can list the current Samba online status, including each samba online PID, shared resources, the use of user sources and so on, so that you easily manage samba;
/usr/bin/{smbpasswd,pdbedit}	Server function, in the management of Samba user account password, the early use of SMBPASSWD this directive, and later using the TDB database proposed the use of new Pdbedit instructions to manage user data;
/usr/bin/testparm	Server function, this instruction is mainly in verifying the configuration file smb.conf syntax is correct, when you edit smb.conf, be sure to use this command to check once, to avoid problems caused by grammar or writing errors;
/sbin/mount.cifs	Client function, on Linux, we use Mount (mount.cifs) to attach the files and directories shared by remote hosts to their Linux hosts;
/usr/bin/smbclient	The client function, the Linux host wants to be "followmission on the network" the function to see the other computer to share the directory and the device, can use the smbclient to view, can also use on their own SAMBA host, to see whether the setting is successful;
/usr/bin/nmblookup	Client features, somewhat similar to nslookup, focus on identifying NetBIOS Name;
/usr/bin/smbtree	The client function, a bit like the result of followmission on the network of Windows system, can display data similar to "near My Computer", can find the tree-like map of workgroup and computer name;

SMB.CONF Master configuration file

How does Samba set it up? is also very simple, depending on the process you can imagine:

1, server overall settings: In the smb.conf set up a good workgroup, NetBIOS hostname, password use status (no password sharing or local password) and so on;

2, planning to share the directory parameters: in the smb.conf set up the expected to share the directory or device, as well as the user-friendly account data;

3, the establishment of the required file system: According to the setting of step 2, in the Linux file system to establish a good sharing of files or devices, as well as the relevant permissions parameters;

4. Set up an account for the available samba: Set up the required Linux entity account according to step 2, and then establish the password using Samba with Pdbedit;

5, start the service: Start Samba smbd, NMBD service, start running!

According to the above process, the most we need to know is smb.conf this configuration file information. So first we have to introduce the way this file is set up, this file can actually be divided into two parts, one is the host information part, in the smb.conf with [global] (the whole field) as the basis for the setting; the other is the shared information, based on the individual directory name. In addition, many of the settings within the smb.conf are similar to Windows because Samba primarily wants to join the Net-Aromatics feature:

• In the smb.conf, the #号与, the number is the annotation symbol;
• In this configuration file, case is not related, because Windows is not case-sensitive;

The smb.conf master configuration file consists of two parts, the global Settings and the shared definition (Share definitions), respectively;

• Global settings set the options for the overall operating environment of the samba service, which are set in this [global] project for all shared resources, including workgroup, NetBIOS name of host, character encoding display, login file settings, password and password authentication mechanism, etc.
• Share definition settings shared directory, for your open directory to enter the permissions of the settings, including who can browse the directory, whether can read and write parameters;
• After setting the basic parameters to use the "#testparm" command to check for syntax errors, if you see "Loaded Services file OK" indicates that the profile load is normal, otherwise the system will prompt the error;

Global Settings (Globals Settings)

smb.conf Server Overall parameters: [Global] The main parameters of the project are:

Workgroup = workgroup name, note that the host group should be the same;
NetBIOS name = NetBIOS names of hosts, each host is different;
Server String = Simple description of the host, this can be easily written;

In addition, the latest version of the Samba client feature has drastically modified the connection by using a language that used to make users dissatisfied, and in the format CIFS (Common Internet File System) no longer has a Chinese display problem. Whether the client is Windows or Linux, use the following command lines:
#mount-T Cifs-o username=my_name,password=my_pass//xxx.xxx.xxx.xxx/share_floder/dest

If you have questions about language coding, you should refer to this article in the bird's-brother discussion area: http://phorum.vbird.org/viewtopic.php?t=22001

In addition to this, there are information about log-in files, including these parameters:

Log file = file placed by the login file, the file name may be processed using variables;
Max log size = The maximum number of Kbytes log files, if larger than the number, it will be rotate off;

There are also the password parameters related to the security degree when the Net Fang is open for sharing, including these several:

Security = share, user, domain: Three Select one, these three sets of values represent:
Share: Shared data does not require a password, everyone can use (no security);
User: Using the database of the SAMBA server itself, the password database is related to the Passdb backend below;
Domain: Using the external server password, that is, SAMBA is the client's intention, if you set up this project, you have to provide "password Server = IP" setting value;
Encrypt passwords = Yes means password to encrypt, note that passwords to have s;
Passdb backend = database format, as described above, the current password file has been converted to use the database, the default database format is: Tdbsam, and the preset files are placed in the/VAR/LIB/SAMBA/PRIVATE/PASSWD.TDB;
In fact, Samba has a lot of settings in terms of passwords, including the ability to use Samba to modify passwords in/etc/passwd, but this time requires the help of both the "Unix password Sync" and the "passwd program" parameter values. We are here to talk about the relatively simple, the other advanced parts can be man smb.conf to search and consult!

Shared definition (Share definitions)

The common parameters in the shared definition are mainly related to the file permissions of the Linux system, so the parameters are mostly related to the permissions.
[share name]: share name is a network followmission see the share name;
Comment: Catalogue description;
Path: Sets the directory of the actual operating Linux file system;
Browseable: Whether to let all the users see this project;
Writable: Can write, set to Yes can be written, if Read Only is also set to Yes, then the last occurrence of the setting value is the main setting;
Create mode and directory mode are related to permissions!
writelist = user, @ Group, This project can specify a specific user who can enter this resource. If it is a @group format, then the users who join the group can get the permission to use, the settings will be relatively simple!

available variable functions within the smb.confto simplify the setting, Samba offers a number of different variables for us to use, mainly with the following variables:

%s: instead of the current set item value, the so-called "Set item Value" is the content in [share]!
For instance, for example, the following setting example:
[Homes]
Valid users =%s
......
Because valid users is the allowed login, set to%s means that any user who can log in can log in, today, if test this user log in, the [homes] will automatically become [test],%s's intention is to replace the current [] content.

%m: The NetBIOS host name representing the client side
%M: represents the Internet host name on the client side, which is hostname
%l: The NetBIOS host name representing the samba host
%H: represents the user's home directory
%u: name of the user who is currently logged in
%g: The name of the group that represents the user who logged in
%h: represents the hostname of the current samba host, note that it is hostname, not NetBIOS name
%I: IP representing the client
%T: represents the current date and time

smb.conf Configuration Content

# This is the main Samba configuration file. You should read the smb.conf (5) manual page on order to understand the options listed here.
# Samba has a huge number of configurable options (perhaps too many!) the most of which is not shown in this example
# for a step-to-step guide on installing, configuring and using Samba, read the samba-howto-collection.
# This could be obtained from:http://www.samba.org/samba/docs/samba-howto-collection.pdf
# Many working examples of smb.conf files can be found in the samba-guide which are generated daily and can be downloaded F Rom:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
# which starts with A; (semi-colon) or a # (hash) is a comment and is ignored.
# In this example we'll use a for commentry and A; For parts of the config file, wish to enable.
# Note:whenever You modify this file you should run the command "Testparm" to check the so you had not made any basic synt Actic errors.
#======================= Global Settings (global variable settings) ===============================

Samba server operating mode and settings in the Samba master profile smb.conf, an important setting (Security settings statement) is the setting of the Samba server's operating mode (also known as "safety level"). In fact, there are 5 ways that the Samba server works in coordination with Windows Server. These 5 modes of work are share, user, server, domain, and ads. The specific meanings of these 5 types of work modes are described below.

Share (Shared mode)

In this mode, the user's access to the Samba server is not authenticated, that is, the user's access to the shared file is determined only by the users ' access rights without entering the user name and password (that is, allowing anonymous access). This is the simplest, but also the least secure, way to access a Samba server. Unless it is a small network, it is not normally set up. If you want to set this mode, you only need to set the security statement to the following format in the main configuration file smb.conf: Security = share;

User (subscriber mode)

In this mode, the user's access to the Samba server is authenticated by the Samba server against the local account database, and the security level is higher than the share mode. This requires each access user to have its local Linux user account on the Samba server (which can be configured in the/etc/samba/smbusers file) and, of course, to create a new user account in the Samba server for each user who needs permission. This is the default setting for the Samba server.
To set the user working mode, you need to modify the Smb.conf Master profile in the following format:
1. Security = user # Set the operating mode to user
2. Guest account = Samba # Specifies that the guest accounts are samba (which can of course be other account names, and that the account name and password must be entered correctly), for security reasons, the Guest account name is not normally used directly, this statement needs to be added, if the Guest account is not allowed to visit , you do not have to configure this statement;
3. Encrypt passwords = yes # set to encrypt the user password during the authentication process, this statement also needs to be newly added;
4. SMB passwd file =/etc/samba/smbpasswd # Sets the file name and path of the Samba server's password, this statement also needs to be newly added;
With the user mode setting, the Samba password file needs to be set up to create a user account and password in the smbpasswd file, which is the same as the/etc/passwd account and password.

servers (server mode)

In this mode, you must specify the server that is used to authenticate users who are accessing the shared files in the Samba server. User access in this mode is authenticated by other specialized servers and is more secure than the user mode. This server can be a Windows nt/2000/2003 or other Samba server. The server mode is similar to user mode, except that it is not the local samba server that implements authentication, but the other servers in the network. If authentication fails on the specified server, fall back to the user security level and authenticate the access user with the local samba server. Therefore, from the client side, the server mode and the user mode are not fundamentally different, but the location of the server for authentication is not the same.
The following modifications to the smb.conf file are required when setting up the server mode:
1. Security = Server # Set the operating mode to server
2. Guest account = Samba # Specifies that the guest accounts are samba (which can also be other account names), this statement needs to be newly added;
3. Password Server = pwdserver # Specifies the NetBIOS name of the server used for authentication, and this statement needs to be newly added;
4. Encrypt passwords = yes # Specifies that the user password is encrypted during authentication, and this statement needs to be newly added;
5. SMB passwd file =/etc/samba/smbpasswd #设置密码文件名和路径, this statement also needs to be newly added;

domain (field mode)

This mode is to join the Samba server to the Windows domain network as a member of the domain. In this mode, however, the user authenticating to the Samba server is the PDC (primary domain controller) in the domain, not the Samba server.
When this mode is used, the following modifications are required for the Master profile smb.conf:
1. Security = domain # Set the working mode to domain;
2. Workgroup = DomainName # Specifies the Windows domain name (NetBIOS format);
3. Password Server = pdc_name # Specifies the NetBIOS name of the PDC that serves as the authentication server;
4. Also use the "#" symbol to comment out the default file of the SMB passwd file =/ETC/SAMBA/SMBPASSWD statement;

Ads (Active Directory mode)

This is a new working mode for the Linux system Samba server (originally only the top 4), which is used to join the Samba server to Windows Server 2003 Active Directory domain and has the function of Active Directory domain controller. The Samba server is then the equivalent of a domain controller, and you can authenticate the user's access by using the account database in the Active Directory.
With ads working mode, the main profile smb.conf requires the following modifications:
1. Security = ads # setting mode of operation is ads;
2. Realm = My_realm # Specifies the Windows domain name (DNS format);
3. Ads Server = ads_server # Specifies the server DNS name that serves as the authentication server;

RHEL5 Configuring the Samba server for file sharing