Setting up a Samba server in Linux

Here's how to build a Samba server in RHEL5.4, before you build a Samba server:

(1) What Samba servers are for;

(2) What is its main function;

(3) Under what circumstances it will be used.

SMB protocol

the SMB protocol is the share files/printers in LAN protocol that provides file system and print services for Windows and Linux hosts inside the network.

SMB works by allowing NetBIOS and SMB to run on TCP/IP and using NetBIOS nameserver to allow Linux machines to be browsed in a Windows Network Neighborhood. This makes Windows easy to share resources with Linux.

Samba
Samba is a software that implements SMB and is free software that runs in a Linux environment. Its main functions include the following points:

1.shared directoryis to set one or more directories on the server to be shared, and for example, Windows users in the same LAN can access these directories.
2.Share a printer: You can share printers from a server for use by other clients.
3.controlling permissions for shared resources: For a set of resources (directory and printer), you can control different users with different permissions by setting permissions.
4.Linux access to Windows shared resources: on Linux clients, you can log in using the smbclient client software in a way similar to using FTPAccess Windows shared resources.

To build a Samba server:

First,the first is to install Samba., you can use the RPM package to install, or you can use the TAR source package to install. RPM package will need to install two packages: samba-common-version and samba-version of two packages. You can use the RPM-VIH command to install.
Second,Configure the IP address of the server, the IP address of the general server is best used statically. Specific how to configure, you can refer to the building of the DHCP server that article.
Third,Start Samba service, the Samba service has been launched to provide shared services for clients, and Samba has 2 daemons: SMBD and NMBD.
1.SMBD is the main startup process for Samba, which allows other computers within the network to know which resources are shared by the Samba server.
The 2.NMBD process is used to parse the workgroup shared by the Samba server and the NetBIOS name under some workgroup.
Four,Configure the configuration file for the Samba server, the RHEL5 samba configuration file is stored in the/etc/samba/smb.conf. We can modify this configuration file to make Samba work more secure.

The parameters in its configuration file are as follows:

1. Global options [Gloabal]:
NetBIOS Name: Set the NetBIOS name of the samba server, this parameter can not be set, Samba will use the first part of the native domain name as the value of this option.
Workgroup: Sets the workgroup to which the current Samba server is joined, and if the security option is set to domain, the Workgroup can be set as the field name.
Server string: Used to set the native description, can be arbitrarily written.
Security: Sets the basic security level of the Samba server, including share, user, server, and DOMAIN4 values. Depending on the settings, user access to the Samba server to share resources when the authentication method is also different; When set to user, a username and password is required for authentication; When set to share, no authentication is required; When set to server, the user security level type; Requires an NT PDC in the network, and the user name and password are verified in the NT PDC.
Note: Generally we use only share and user two security levels, and server and domain security levels are rarely used.
Encrypt passwords: Sets whether the password is encrypted. Because the clear text password cannot be delivered by default in Windows, it is recommended that you set it to Yes (encrypt the password).
Username Map: The value of this option is a file name. The file pointed to contains a mapping between the user name from the client and the Linux system user name in the Samba server.
Guest Account: Sets the user name of the guest accounts (guest), which can be nobody, FTP, and other users who do not require a password.
host allow: Which computers can access the Samba server, can enter multiple IP addresses, or can be set to a network segment.
host deny: The opposite of host allow above.
Printcap Name: Sets the description of the printer (usually the/etc/printcap file) from the specified file.
Load Printers: If set to Yes, indicates that the printer list is allowed to load automatically without having to set up each printer individually, that is, the contents of the [Printer] section after the configuration file are not used.
printing: Defines the type of printer system.
Log file: Defines the log files.
Max log size: Set the log file sizes in KB, set to 0, and size.
interface: If the server has multiple network interfaces, you need to specify which network interfaces are used here.

2. Sharing options:
Comment: Comment description for the shared directory.
writable: Whether the user can write to the shared directory (Note: If this is set to Yes, but your shared directory user does not have write access, then the user cannot write data to this shared directory).
browseable: Sets whether the user can browse to the directory (still accessible by specifying a shared directory name).
Valid Users: A list of people who can access the shared directory.
Invalid users: Contrary to valid users.
Create mode: the permission attributes (such as 0664) that are set on the file when the file is created in the shared directory.
ReadOnly: Sets whether the shared directory is read-only mode.
Public : Sets whether the shared directory allows anonymous access.
Guest OK: same as public.
path: Sets which directory of the Linux file system the shared directory corresponds to.
writable: Sets whether the shared directory is write permission.
Read Only: Sets whether the shared directory is read-only (no is writable, yes is read-only, and is not confused with the readonly above).
Read List : A list of users who can access the shared directory only with Read access.
Write list : A list of users with write permission, regardless of the writeable and read list settings, the user set in this option has write permissions.

3. Special setting Options:
Span style= "Color:rgb (102, 102, 102); In the smb.conf file, there are also two special sections: [Home] and [printers], which are set up for users who have accounts on the samba server.
[home]

[printers]

Five , add Samba user
    when in [Gloabal] When the security option is set to user in the section, to access shared resources on the Samba server, the user must enter a user name and password that is authenticated for access. The user name here must be a user name that exists on the Linux system, and the password is not necessarily the password to log in to the shell, and the password can be created separately using the program SMBPASSWD provided by Samba.
Note: Typically, for system security, use the Useradd command to create a user who cannot log in to the shell and set a password for it without using the passwd command.
smbpasswd    [option]    [user name]

-d: Prohibit users.
-x: Delete user.

Vi. Examples of samba applications:
1. Anonymous Samba server:
Example background: The enterprise plans to set up a Samba server to provide software sharing services to clients within the LAN, and the commonly used packages are stored in the/usr/soft/directory on the server, requiring the user to download only from the directory, and not to upload files in the modified directory. In addition, each client can also use the Samba server for temporary file storage, that is, any user has the right to write files to a directory on the server, such as:/usr/temp/directory.
according to the above requirements, the configuration steps are as follows:
first create the directory/usr/soft/and/usr/temp/, and then modify the permissions.
#mkdir/usr/soft
#mkdir/usr/temp
#chmod 755/usr/soft
#chown nobody:nobody/usr/temp
#vi/etc/samba/smb.conf

#==============================global settings=============================
[Global]
workgroup = Workgroup
Server string = Samba Server
Security = Share
#==============================share definitions===========================
[Soft]
Path =/usr/soft
Public = yes
Read Only = yes
[Temp]
Path =/usr/temp
Public = yes
Read Only = no
#service SMB Restart

The above is an anonymous Samba server based on company requirements, let's look at how to set up a Samba server configuration that requires authentication, modify the above cases to meet the following requirements:
1.soft directory: Save common software, all users have only Read permissions, except Admin admin, admin can write to this directory to update the installation package.
Temp directory: Still as a temporary file Exchange directory, there are users can read and write operations.
Tech Catalog: Save the Technical department's information, the directory only the technical staff can read and write operations, other people do not access (Manager can access the directory, can not be modified).
Market Directory: Save the Marketing department's information, this directory only the marketing department employees can read and write operations, other people do not access (managers can access the directory, can not be modified).
the steps to achieve the above case requirements are as follows:
#groupadd Tech
#groupadd Market
#useradd-S/sbin/nologin admin
#useradd-S/sbin/nologin manager
#useradd-G tech-s/sbin/nologin Li
#useradd-G market-s/sbin/nologin Wei
#smbpasswd -a admin
Enter Password:
# Repeat the above command after each user is set up.
#mkidr/home/tech
#mkidr/home/market
#chown Manager:tech Tech
#chown Manager:market Market
#chmod 570/home/market
#chmod 570/home/tech
#chmod 777/usr/temp
#chown Admin/usr/soft
After you finish the above steps, then modify the configuration file and add the following entry in the configuration file:
#=====================global setting==================
[Global]
workgroup = Workgroup
Server string = Samba Server
Security = User
======================share definitions================
[Soft]
Path =/usr/soft
Public = yes
writable = no
Write list = Amdin
[Temp]
Path =/usr/temp
Public = yes
writable = yes
[Tech]
Path =/home/tech
Valid users = Manager, @tech
Write list = @tech
Read List = Manager
[Market]
Path =/home/market
Valid users = Manager, @market
Read List = Manager
Write list = @market
: Wq
After you modify the configuration file, save the exit, and then restart the SMB Service: Service SMB restart
the above is the establishment of the Samba server, after the completion of the Windows client can enter the IP address of the//samba server, to verify the success of the experiment.

Setting up a Samba server in Linux