First, install the software
Yum-y Install Samba Samba-common samba-client
Ii. Major Relevant documents
/etc/samba/smb.conf Samba's main configuration file
/etc/samba/smbusers Samba user aliases, such as the ability to alias root with Administrator, admin instead, etc. (function: You can only tell the Samba users that alias, so that the real Samba server can be protected/etc/ passwd user does not leak)
/etc/samba/lmhosts Samba IP and domain name corresponding, similar to/etc/hosts file function
/ETC/SAMBA/SMBPASSWD This file is manually created for use with Samba users and passwords
Three, smb.conf main explanation
[Global]
workgroup = Workgroup
Description: Indicates the workgroup to which the share is located, which can be NT domain name, workgroup name
Server string = Samba server on Centos
Description: The client sees the server's description information
NetBIOS name = CENTOS_SMB
Description: Sets the NetBIOS name of the samba server. If you do not, the first part of the server's DNS name is used by default. NetBIOS name and workgroup names do not have to be set to the same
interfaces = lo eth0
Note: Set which network cards the Samba server listens to, write the NIC name, or write the IP address of the NIC
hosts allow = 192.168.1. 192.168.163.192.168.153.
Description: Represents a client that is allowed to connect to the Samba server, with multiple parameters separated by a space. Can be represented by an IP, or by a network segment. I only allow all clients in 3 network segments to access Samba server. (Comment out means allow all IPs)
Security = User
Description: A total of four authentication methods were set up to verify how users access Samba server.
1. Share: User access to Samba server does not require a user name and password, and security can be low.
2. The User:samba server shared directory can only be accessed by authorized users, and Samba server is responsible for checking the correctness of the account and password. The account number and password are to be established in this Samba server.
3. Server: Relying on other Windows nt/2000 or Samba server to verify the user's account and password, is a proxy authentication. In this safe mode, the system administrator can centralize all Windows users and passwords on an NT system, use Windows NT for Samba authentication, the remote server can automatically authenticate all users and passwords, if authentication fails, Samba will use the user-level security mode as an alternative.
4. Domain: Zone security level, using the primary domain controller (PDC) to complete authentication.
I just need the user-level security verification.
username map =/etc/samba/smbusers
Description: Used to define user name mappings, such as the ability to change root to Administrator, admin, and so on. To be defined in the Smbusers file beforehand. For example: root = Administrator admin, so you can use the administrator or admin two users to the samba Server instead of root to protect the Linux system account root. This file will be introduced later.
Encrypt passwords = True
Description: Whether to encrypt the authentication password. Because the Windows operating system now uses an encrypted password, it is generally important to turn it on.
Passdb backend = smbpasswd
Description: Passdb backend password authentication back end. There are currently three types of support: SMBPASSWD, Tdbsam and Ldapsam. The SMBPASSWD approach is to use SMB's own tool SMBPASSWD to set up a samba password for the system user (real or virtual), which the client uses to access samba resources. The smbpasswd file is in the/etc/samba directory by default, but it is sometimes created manually. Here I choose SMBPASSWD.
SMB passwd file =/etc/samba/smbpasswd
Description: The password file used to define the samba user. SMBPASSWD files are created manually if they do not exist by default.
log file =/var/log/samba/log.%m
Description: Sets the storage location and file name (%m on behalf of the client host name) of the Samba server log file.
max open files =
Description: The maximum number of files that the same customer can open
Socket options = Tcp_nodelay
Description: The socket option used to set the session between the server and the client optimizes the transfer speed.
[xxxxx] shared directory
Description: xxxxx represents the share name
Comment = code string
Description: Comment is a description of the share, which can be any string.
Path =/home/songyd/code
Description: Path is used to specify the paths to the shared directory.
writable = yes
Description: Writable is used to specify whether the shared path is writable. Here we allow writing to meet the file two-way sharing.
writelist = MySQL, jack
Note: Only MySQL and jack2 users are allowed to write to this resource, and the other is read only
browseable = yes
Description: Browseable is used to specify whether the share can be browsed.
Available = yes
Description: Available is used to specify whether the shared resource is available.
Guest OK = No
Description: Allow guest access is allowed
Read Only = yes
Description: Set permissions to read-only permissions
public = No
Description: Shared directory allows all users to access and upload files
Valid users = Jack Sunny
Description: Only allow Jack Sunny to access the shared resource
四、一个 Complete Smb.conf Instance
[Global]
Workgroup = Workgroup
Server string = Samba server on Version%v
NetBIOS name = CENTOS_SMB
Interfaces = Lo eth0
#hosts allow = 192.168.16. 192.168.20.
Security = User
Username map =/etc/samba/smbusers
Encrypt passwords = True
Passdb backend = smbpasswd
SMB passwd file =/etc/samba/smbpasswd
Log file =/var/log/samba/log.%m
Max Open files = 1000
Socket options = Tcp_nodelay
[WebFile]
Comment = frontend Web
Path =/home/wwwroot/frontend/web
browseable = yes
writable = yes
Create mask = 0664
Directory mask = 0755
Guest OK = No
public = No
Available = yes
V. New SAMBA users
Smbpasswd-a MySQL (MySQL for/etc/passwd existing user, does not exist will be an error)
New SMB Password:
Retype new SMB Password:
Added user MySQL.
After entering the Samba user password, the MySQL user password information is generated in the/etc/samba/smbpasswd file, and if you do not want Samba users to use MySQL as the samba username, you can do so in/etc/samba/smbusers Set the user alias, as shown below to add MySQL after the smbpasswd file and smbusers file information
[email protected] samba]# cat SMBPASSWD
Mysql:500:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:fdb5cfc19c8ac660a21ca41fe95e7d8:[u]:LCT-5874994E:
[email protected] samba]# cat Smbusers
# unix_name = smb_name1 smb_name2 ...
Root = Administrator Admin
Nobody = Guest Pcguest smbguest
mysql = SQL (samba users can use SQL as a Samba account to access Samba servers)
Six, restart, start Samba
Service SMB Start
Service NMB Start (NMB function is NetBIOS, you can access samba using host name mode)
Samba Server Setup