Setting up and accessing Samba services

The creation of Samba services

In the early network world, the transmission of archival data between different hosts is mostly using FTP service, but the FTP service transfer file has some small problems, that is, we can not directly modify the data on the host, that is, if we want to modify the data of a file, The file's server must be downloaded before it can be modified, which can be cumbersome. In fact, to solve this problem is also very simple, the NFS service is very good to solve the problem of file data can not be directly modified, because the NFS service is directly attached to the shared directory on the client machine, then the shared directory as if it became its own directory, the use of shared data is naturally very convenient, but, There are some small problems with NFS, which only makes Unix-like machines share with each other. So what if I need two different platforms for Windows and Unix-like to share with each other? What should I do then? In other words, the FTP service realizes cross-platform sharing, but cannot modify shared data, and NFS solves the problem of modifying shared data, but it has no way to realize cross-platform sharing. As a result, samba services are created as needed. It combines FTP and NFS a bit, not only for cross-platform transmission, but also to meet the function of modifying data.

Configuration files for Samba services

Samba's setup process

1. Server overall settings: In the smb.conf set up a good workgroup, NetBIOS hostname, password use status (no password sharing or native password) and so on;
2. Plan for shared directory parameters: Set up the expected shared directory or device and the available account data in smb.conf;
3. Establish the required file system: According to the setup of Step 2, set up a shared file or device in the Linux filesystem, and the relevant permission parameters
4. Set up an account for the available samba: Set up the required Linux entity account according to step 2, and then set the password for the samba used Pdbedit
5. Start Service: Start Samba's SMBD,NMBD service and start running.

Configuration files for Samba services
From the above set-up process, you can see that the Samba service configuration file for the service to build the role of guidance, then I will first understand the following Samba's basic configuration.

• Smb.conf inherits the format of the. ini file and divides it into different parts with []
• Global settings: Part of the [global] server common or global setting
• Specific sharing settings: [Homes] User's home directory share; [printers] Define printer resources and services; [sharename] Custom shared directory configuration.
• Macro definition:

symbols	Interpretation	symbols	Interpretation
%m	NetBIOS name of the client host	%M	FQDN of the client host
%H	Current User Home directory path	%u	User name of the current user
%g	Group to which the current user belongs	%h	The host name of the samba server
%l	NetBIOS name of Samba server	%I	IP of the client host
%T	The current date and time	%s	User name that can be logged in

Samba Server Global Configuration

• Workgroup Specifying a workgroup name
• Server string Host comment information
• NetBIOS name specifies the NetBIOS name
• interfaces specifies the service listener interface and IP
• The hosts allow for ",", spaces, or tab-delimited, which allows all hosts to access by default, or can be configured independently on each share.
• Hosts deny denies the specified host access
• Config file =/etc/samba/conf.d/%u User-Independent profile
• Log level = 2nd logs, default 0, log not logged
• Max log size = 50 log file reached 50k, round rotate, per kb
• Passdb backend = Tdbsam Password database format

"Samba Service shared directory Configuration"

• Each shared directory should have a separate [] section
• [Share name] share name seen by remote network
• Comment Comment Information
• directory path shared by path
• Public can be accessed by guest share, default to No, and guest OK similar
• browsable allow all users to browse this share, default to Yes,no as hidden
• writeable = yes can be read and written by all users, default is no
• Read Only = no and writeable = yes equivalent, if a conflict with the above settings, put the following settings in effect, default read-only
• Write list three forms: User, @ Group name (e.g. Writeable=no, user or group in list can read and write, not user-readable in list)
• Valid users to access the share, such as NULL, will allow all users access, separated by a space between user names

Samba Service Build-up

Foundation of Samba Service setup
Requirements: Build a Samba service on existing Linux and share the Smbtest directory under/app.
We need to pre-install the software we need before we can build the service.

• Samba: This software mainly provides the various service programs (SMBD and NMBD) required by SMB server and other samba-related logrotate profiles and boot default options files, etc.
• Samba-common: This software provides the data that the server and the client will use, including the Samba's main configuration file (smb.conf), the grammar check instruction (testparm) and so on;

After installing the required software, we can formally start the Samba service.

1. Install the Samba package on the Samba server

   yum - y install samba

2. Create Samba users and groups

   groupadd -r teamuseradd -s /sbin/mologin -G team lsysmbpasswd -a lsyuseradd -s /sbin/nologin qjcsmbpasswd -a qjc

3. Create a Samba shared directory and set up SELinux

   mkdir ./app/smbtestchgrp team /app/smbtestsetfacl -m g:team:rwx /app/smbtest/setfacl -m u:qjc:rwx /app/smbtest/chcon -Rt samba_share_t  /app/smbtest

4. Samba Server Configuration

   vim /etc/samba/smb.conf

   
   Start Samba Service

Windows Client Access

I have a simple set up in the above configuration file, so that users of team group have write permission to the shared directory, while others can only browse the shared directory, can not modify the shared data, specific access such as:

1. Client Login
   
   
   
2. Enter the shared directory as a member of Team group Lsy, you can create in the directory, edit the file
   
3. Enter the shared directory as QJC, because there is no write permission, so only access, the creation of the file will be rejected
   
   
   
   When you try to create a new file
   
4. At the same time, we can view the files created by Lsy users in the server-side shared directory.
   

Samba services implement multi-user mounts (Centos7 support only)

We are still using the shared directory Lishuyang that has been created above (PS:: In a production environment, creating a shared directory, it is recommended to use LVM).
Service side:
On the server side, we also need to create a regular samba user smbbase, as we have a small user login on the client (for multi-user mount purpose is to get greater permissions on the shared directory), the user smbbase only browse the shared directory permissions

useradd -s /sbin/nologin smbbasesmbpasswd -a smbbase

Client

1. Install the software required by the client Cifs-utils (System general default installation)
2. Edit the file to write the account information of the lower-privileged smbbase user
   
3. Create a mount directory and mount the shared directory to a local mount directory
   
   
   
   
4. Enter the/app/mnt directory, you can find that has entered the shared directory, try to modify the file with Smbbase user (smbbase no write permission, so must be refused to write)
   
   
5. Switch to User Lsy and do the following:

   cifscreds add 192.168.100.127

6. Try to modify the file (user Lsy has Write permission, if can be modified, the multi-user mount the experiment successfully)
   
   

PS: There are a few issues to be aware of:

1, firewall to shut down, # service iptables stop

2. Note the permission settings for the shared directory

3, to be set to do not require user name password direct access, you need to modify the configuration file, security is set to Security = share.

Setting up and accessing Samba services