Samba usage overview

Source: Internet
Author: User
Author: linuxCN
  
Samba protocol basics
After NetBIOS appeared, Microsoft used it to implement a network file and print service system. This system defines a file-sharing protocol based on NetBIOS, which Microsoft calls the Server Message Block (SMB) protocol. Microsoft uses this protocol in its LAN Manager and Windows NT Server systems to share printers, serial ports, and communication abstractions (such as named queues and mail slots) between different computers.
As the Internet grew in popularity, Microsoft hoped to extend this protocol to the Internet and make it a standard for computers on the Internet to share data with each other. It therefore organized the existing SMB protocol, which had little technical documentation, renamed it CIFS (Common Internet File System), and set out to decouple it from NetBIOS and make it a standard Internet protocol.
Therefore, the best way to integrate Windows and Unix computers is to install software that supports SMB/CIFS on the Unix computers, so that Windows clients can use resources on the Unix computers just as they would on a Windows NT server, without changing any settings. Samba is software that implements SMB. It works by running NetBIOS (the communication protocol of Windows 95 Network Neighborhood) and SMB (Server Message Block) over TCP/IP and, using the Windows NetBEUI protocol, lets Unix computers be seen by Windows computers in Network Neighborhood. Its functions include:
1. Share Linux disks with Win95/NT machines.
2. Share Win95/NT disks with Linux machines.
3. Share Linux printers with Win95/NT machines.
4. Share Win95/NT printers with Linux machines.
In addition, its file service is more capable than that of the NT system, and it could limit users' disk space before Windows 2000.
Samba configuration
At the time of writing, Samba has reached version 2.2.2. You can download the latest rpm installation package from ftp://samba.org/pub/samba/binary_pa..201711013.i386.rpm, then run rpm -Uvh samba-2.2.2-20011013.i386.rpm to install or upgrade it. After the installation is complete, you will see a directory such as /etc/samba, which stores Samba-related files, the most important of which is smb.conf. The following walks through its configuration options, based on the configuration file:
Global settings:
workgroup = MYGROUP
Defines the workgroup that the Samba server belongs to, or the domain if security = domain is set below.
server string = MY Samba Server
Sets the machine description. When the machine is accessed through Network Neighborhood, this text appears in the comment field. Samba variables can also be used here. The variables defined by Samba are:
%S = current service name (if any)
%P = root directory of the current service (if any)
%u = user name of the current service (if any)
%g = primary group of the current service's user (%u)
%U = user name of the current session
%G = primary group of the user of the current session (%U)
%H = home directory of the current service's user
%v = Samba service version
%h = host name of the machine running the Samba service
%m = client NetBIOS name
%L = server NetBIOS name
%M = client host name
%N = NIS server name
%p = home directory of the NIS service
%R = protocol level in use (one of CORE, COREPLUS, LANMAN1, LANMAN2, NT1)
%d = process ID of the current server process
%a = client architecture (only Samba, WfWg, WinNT, and Win95 can be identified)
%I = client IP address
%T = current date and time
hosts allow = network or host
Sets the networks and host IP addresses that are allowed to connect. For example, to allow access from 192.168.1.0/24 and 192.168.2.1/32, use hosts allow = 192.168.1. 192.168.2.1 127.0.0.1 (a network is written with a trailing ".", entries are separated by spaces, and remember to include the local machine).
printcap name = printcapFile
Reads the printer descriptions from the file printcapFile (usually /etc/printcap).
load printers = yes | no
Sets whether printers are shared automatically, without having to configure the [printer] section below.
printing = PrintSystemType
Defines the printing system type. The default value is lprng. The options include bsd, sysv, plp, lprng, aix, hpux, and qnx.
guest account = pcguest
Defines the guest account. Add this account to /etc/passwd; otherwise the default, nobody, is used.
log file = LogFileName
Defines the location of the log file LogFileName (usually /var/log/samba/%m.log).
max log size = size
Defines the maximum size of the log file (in KB; 0 means the size is not limited).
security = security_level
Defines the security level of Samba. From low to high, the levels are share, user, server, and domain. They verify users as follows:
share: no security. Any user can access resources on the server without a user name or password.
user: the default configuration of Samba. Users must provide a user name and password for authentication before accessing shared resources.
server: similar to the user security level, but the user name and password are submitted to another server for verification, for example an NT server. If the submission fails, Samba falls back to the user security level.
domain: this security level requires a Windows primary domain controller on the network. Samba submits the user name and password to it for verification.
The last three security levels (user, server, domain) require users to have system accounts on the Linux machine. Otherwise, access is not possible.
password server =
This only needs to be set when security is set to server or domain.
password level = n
This is intended for SMB clients such as OS/2. When sending a user's password, such systems convert it to upper case first, so it no longer matches the password Samba holds. This parameter sets the number of upper-case letters allowed in the password; Samba then re-cases the received password according to this number and checks each resulting candidate. The larger n is, the more combinations there are, the longer verification takes, and the lower the security. For example, with n = 2, if the user's password is abcd but ABCD is received, Samba recombines the case of ABCD. The results can be: Abcd, aBcd, abCd, abcD, abcd, ABcd, AbCd, AbcD, aBCd, aBcD.
So unless it is needed, set n to zero. In that case Samba tries only twice: once with the password as received, and once with the password in lower case.
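The candidate list that password level produces, as an added example: it is a model of the behaviour described above, not Samba's own code, and the function names candidates and growth are assumptions. It generalizes the n = 2 case to any n, so you can see how many spellings a single submitted password is checked against.

```python
from itertools import combinations

def candidates(received, level):
    """Passwords tried, in order, for one received password (modelled behaviour)."""
    base = received.lower()
    tried = [received]                 # first try: exactly what the client sent
    if base != received:
        tried.append(base)             # second try: all lower case
    letters = [i for i, c in enumerate(base) if c.isalpha()]
    # then every spelling with 1..level letters switched to upper case
    for k in range(1, min(level, len(letters)) + 1):
        for upper in combinations(letters, k):
            cand = "".join(c.upper() if i in upper else c
                           for i, c in enumerate(base))
            if cand not in tried:
                tried.append(cand)
    return tried

def growth(received):
    """Number of candidates for password level 0 .. len(received)."""
    return [len(candidates(received, n)) for n in range(len(received) + 1)]

if __name__ == "__main__":
    # "ABCD" is a constructed sample, matching the article's example.
    print(candidates("ABCD", 0))
    print(candidates("ABCD", 2))
    print(growth("ABCD"))
```

Every entry in the returned list is a spelling that one client guess is tested against, which is why a larger n lowers security as well as slowing verification.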
username level = n
The same mechanism as the preceding parameter, applied to the user name.
encrypt passwords = yes | no
Sets whether passwords are encrypted. Samba has its own password file, /etc/samba/smbpasswd. If passwords are not encrypted, the plaintext password is transmitted between the client and the server during the verification session, and Samba verifies it directly against the /etc/samba/smbpasswd password file in Linux. However, neither versions later than Windows 95 OSR2 nor versions later than Windows NT SP3 transmit plaintext passwords by default. Making these systems transmit plaintext passwords requires changes to their registries, which is troublesome. A better approach is to set this switch to yes.
smb passwd file = smbPasswordFile
Sets the file smbPasswordFile that stores Samba user passwords (usually /etc/samba/smbpasswd).
ssl CA certFile = sslFile
When Samba is compiled with SSL support, you need to specify the location of the SSL certificates (typically /usr/share/ssl/certs/ca-bundle.crt).
unix password sync = yes | no
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
These three settings make it possible to change the password of the Unix system from a Windows application.
username map = UsermapFile
Specifies the user mapping file (usually /etc/samba/smbusers). If this file contains the line root = administrator admin, then a connection from the client user admin or administrator is treated as the user root.
include = MachineConfFile
Specifies a different configuration file, MachineConfFile, for connections from different machines. For flexible management, /etc/samba/smb.conf.%m is generally used: because the Samba variable ties the configuration file to the NetBIOS name of the client, it is easy to control the permissions and settings of each client.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
These are network socket parameters that can be tuned for the best file transfer performance. Related options include SO_KEEPALIVE, SO_REUSEADDR, SO_BROADCAST, IPTOS_LOWDELAY, IPTOS_THROUGHPUT, SO_SNDLOWAT (*), and SO_RCVLOWAT (*); options marked with * take a number. On a local network, IPTOS_LOWDELAY alone is generally used; you can also try IPTOS_LOWDELAY TCP_NODELAY. On a wide area network, try IPTOS_THROUGHPUT.
interfaces = interface1 interface2
If you have multiple network interfaces, you must specify them here. For example, interfaces = 192.168.12.2/24 192.168.13.2/24
remote browse sync = host (subnet)
Specifies where to obtain browse list synchronization information: either a host (such as 192.168.3.25) or a whole subnet (192.168.5.255).
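A small check over the global settings described above, as an added example that is not part of the original article or of Samba: it reads the [global] section and reports the values the article describes as weakening access control. The function names and both sample configurations are constructed for illustration.

```python
# Constructed sample inputs, not taken from a real server.
WEAK = """[global]
   Workgroup = MYGROUP
   security = share
   encrypt passwords = no
   password level = 4
   username map = /etc/samba/smbusers
"""
HARDENED = """[global]
   workgroup = MYGROUP
   security = user
   encrypt passwords = yes
   password level = 0
   hosts allow = 192.168.1. 192.168.2.1 127.0.0.1
"""
USERMAP = "root = administrator admin\n"  # constructed smbusers content

def parse_global(text):
    """Return [global] parameters; names ignore case and whitespace."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params

def audit(conf, usermap=""):
    """List settings that this article describes as weakening access control."""
    p, found = parse_global(conf), []
    if p.get("security", "user").lower() == "share":
        found.append("security = share: no user name or password required")
    if p.get("encryptpasswords", "").lower() in ("no", "false", "0"):
        found.append("encrypt passwords = no: plaintext passwords on the wire")
    for name in ("passwordlevel", "usernamelevel"):
        level = p.get(name, "0")
        if level.isdigit() and int(level) > 0:
            found.append(f"{name} = {level}: extra case variants are tried")
    if "hostsallow" not in p and "allowhosts" not in p:
        found.append("hosts allow unset: clients are not restricted by address")
    for line in usermap.splitlines():
        unix, _, clients = line.partition("=")
        if unix.strip() == "root" and clients.split():
            found.append("username map: " + ", ".join(clients.split()) + " mapped to root")
    return found
```

Only explicitly set values are checked for encrypt passwords, since this sketch makes no assumption about the default of the installed version.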
★ Here we explain what browsing (Browse) is:
In the SMB protocol, to access network resources a computer needs to know the list of resources on the network (for example, using Network Neighborhood in Windows to view the accessible computers). This mechanism is called browsing (Browse). Although the SMB protocol often uses broadcasts, discovering the current network resources (both the computers providing services and the resources on each of them) by broadcast every time would consume a lot of network resources and take a long time. It is therefore better to maintain a list of network resources on the network to make them easy to find, and to search for resources only when necessary, for example with the Find Computer function in Windows.
However, it is not necessary for every computer to maintain the entire resource list. The task of maintaining the current resource list is carried out by a few special computers on the network, called Browsers. These Browsers build the list of resources on the network by recording broadcast data or by querying name servers.
A Browser is not a computer designated in advance; it is chosen among ordinary computers through automatic election. Different computers can be given different election weights according to their ability to provide service. To ensure