1. Install the Package
Rpm-q Samba Samba-common samba-client cifs-utils
Yum-y Install samba Samba-common samba-client cifs-utils
SMBD manages the directories shared by Samba hosts, files and printers, and so on. Reliable data transfer using TCP 139 445
NMBD Management Workgroup, NetBIOS name, and so on, using UDP 137 138来 task for name resolution
2. Modify the master configuration file
Security
Share does not require a password to access
User requires password (default)
Smbclient-l Server IP
Smbclient-u account name//server ip/share name
Useradd Nick
Useradd Hunter
Smbpasswd-a Nick equals pdbedit-a Nick set a password
cd/etc/samba/
[email protected] samba]# CP smb.conf Smb.conf.bak
[Email protected] samba]# vim smb.conf
Workgroup = Tarena Workgroup
Server string = Prompt for Windows Server 2008 links (suggested to get rid of default)
[Tools]
Path =/USR/SRC//Specify Shared path
public = no//not open to everyone
Read Only = yes//default permissions are read-only
Valid users = nick,hunter//Specify a legitimate user
Write list = Hunter//user Hunter readable writable
3. Start the service
[[email protected] samba]# testparm detection configuration command
[[Email protected] samba]# service SMB,NMB restart; Chkconfig NMB,SMB on
[Email protected] samba]# NETSTAT-TULNP | grep SMB
TCP 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1489/smbd
TCP 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1489/smbd
TCP 0 0::: 139:::* LISTEN 1489/SMBD
TCP 0 0::: 445:::* LISTEN 1489/SMBD
4. Set permissions
[Email protected] ~]# setfacl-m u:hunter:rwx/usr/src/
[Email protected] ~]# getfacl/usr/src/
5. Testing
Windows:
UNC path \\192.168.10.10
Linux:
[Email protected] ~]# yum-y install samba-client
[Email protected] ~]# smbclient-l 192.168.10.10
[Email protected] ~]# smbclient-u Nick//192.168.10.10/tools
SMB: \>!ls
Anaconda-ks.cfg anon.txt Install.log.syslog local.tgz
Anon.tgz Install.log Lisi.txt
SMB: \> put Install.log
SMB: \> quit
[Email protected] ~]# Smbclient-u Hunter//192.168.10.10/tools
SMB: \> ls
SMB: \> put Install.log
SMB: \> ls
SMB: \> quit
[Email protected] ~]# Mkdir/mnt/smbdir
[[email protected] ~]# Mount-o username=nick,password=redhat//192.168.10.10/TOOLS/MNT/SMBDIR/7 does not support the setting of the-o password, only manually
6. Set up auto mount on boot
[[email protected] ~]# grep smbdir/etc/fstab
192.168.10.10/tools/mnt/smbdir CIFS defaults,username=nick,password=redhat 0 0 You can also call the file credentials= file file permissions 600
[Email protected] ~]# mount-a
[Email protected] ~]# DF-HT
Test two: Samba account alias and access address control
1. Modify the Samba user alias file
[Email protected] ~]# vim/etc/samba/smbusers
# unix_name = smb_name1 smb_name2 ...
Root = Administrator Admin
Nobody = Guest Pcguest smbguest
Hunter = Hijack
2. Modify the master configuration file
[Email protected] ~]# vim/etc/samba/smb.conf
Username Map =/etc/samba/smbusers Alias
[Tools]
Path =/USR/SRC
public = No
Valid users = nick,hunter active user
Write list = Hunter writable user
Hosts allow = 192.168.10.20 access control
3. Client-side testing
[Email protected] ~]# Smbclient-u hijack//192.168.10.10/tools
Enter Hijack ' s password:
Domain=[tarena] Os=[unix] Server=[samba 3.6.9-164.el6]
SMB: \> ls
For RHEL7
Set up firewalls, etc.
Firewall-cmd--permanent--add-service=samba; Firewall-cmd--reload
Semanage fcontext-a-T samba_share_t '/SMB1 (/.*)? ' (Chcon-r-T SAMBA_SHARE_T/SMB1) SMB1 as a shared directory
restorecon-rfvv/smb1/
Semanage Fcontext-l | grep SMB1 View Kernel default context
IP/SMB1/MNT/SMB1 CIFS defaults,credentials=/root/smb1.passwd 0 0
Chmod 600/root/smb1.passwd
IP/SMB2/MNT/SMB2 CIFS DEFAULTS,CREDENTIALS=/ROOT/SMB2.PASSWD,MULTIUSER,SEC=NTLMSSP 0 0
/ROOT/SMB2.PASSWD write any chmod that can be accessed 600/root/smb2.passwd
Based on multi-user security
Su-User
Cifscreds add Server0 (server) tiered management, (for multi-user, some readable, some writable)
Example
Multi-User Mount
Read-write Setfacl-m U:LDAPUSER5:RWX/SMB2
Vim/etc/samba/smb.conf
[SMB2]
Path =/SMB2
Valid users = user1, User2, @hr
Write list = User2
Systemctl Enable NMB smb;systemctl restart NMB SMB
Semanage fcontext-a-T samba_share_t '/SMB2 (/.*)? ' (Chcon-r-T SAMBA_SHARE_T/SMB1)
restorecon-rfvv/smb2/
Client
Vim/etc/fstab
IP/SMB2/MNT/SMB2 CIFS DEFAULTS,CREDENTIALS=/ROOT/SMB2.PASSWD,MULTIUSER,SEC=NTLMSSP 0 0
/ROOT/SMB2.PASSWD write any chmod that can be accessed 600/root/smb2.passwd
Cifscreds Add Server0
Samba Installation and configuration