The theory of Samba server in Linux

Source: Internet
Author: User
Tags anonymous file upload ftp ftp commands hash ldap net time stdin

First, Samba and NFS, FTP

Before you know about the Samba service, you need to know about the CIFS protocol (Common Internet File System), which was the first of a Microsoft deal. The CIFS protocol is the first to implement file sharing and print sharing between Windows hosts, and is not supported on Linux, Samba is a CIFS protocol software implemented by Andrew Tridgell engineers through reverse engineering. This package enables file sharing between Windows and Linux. This is just the opposite of the way NFS goes, NFS initially only supported on Unix-like systems, after Windows also learned, so the OS can not simply say who is good who bad, a lot of things are borrowed from each other.

One of the benefits of Samba versus NFS is that you can map a remote disk or mount point to the local computer, and edit the file each time as if you were a native editor. FTP needs to be downloaded to local modifications before uploading.

Ii. Samba related packages and procedures

1. Samba Package

At present, Samba is the source of the default Samba 4.x version, the main use of related software packages are:

# yum list|grep samba samba.x86_64                             4.1.12-21.el7_1                   @base samba-common.x86_64                     4.1.12-21.el7_1                   @base samba-libs.x86_64                        4.1.12-21.el7_1                   @base samba-client.x86_64                     4.1.12-21.el7_1                  base samba-python.x86_64                     4.1.12-21.el7_1                  base samba-winbind.x86_64                    4.1.12-21.el7_

1                 base Samba-winbind-modules.x86_64           4.1.12-21.el7_1                  base


Samba service-related configurations are mainly samba, Samba-common, samba-client three packages and cifs-utils packages, and the specific three packages function as follows:

Samba: Mainly provides the required grid services for SMB services such as SMBD and NMBD and samba-related EVENTLOGADM programs;

Samba-client: The package mainly provides the relevant procedures for the use of Samba client mount, such as SMBPASSWD, Smbtree, etc.

The package is required to support the CIFS protocol when the Cifs-utils:mount is mounted, and there is no mount.cifs command to install the package. There will also be an error when using mount mounts;

Smba-common: This package provides the main configuration files for Samba services smb.conf, Lmhosts files, pdbedit user-related and testparm syntax check directives, and so on.

2. Samba Related documents and procedures

/etc/samba/smb.conf:samba The main configuration file of the service;

/etc/samba/lmhosts:netbios name and IP corresponding relationship, do with similar to/etc/hosts, generally do not need to configure;

/ETC/SYSCONFIG/SAMBA:SMBD, NMBD Service custom parameter configuration file;

/etc/samba/smbusers:windows and Linux users are inconsistent, you can map the corresponding mapping, in the new version of the default does not exist, instead of the username map parameters, through this parameter can specify a specific mapping file;

/var/lib/samba/private/{passdb.tdb,secrets.tdb}:samba user and password database files;

/usr/bin/{tdbdump,tdbtool}: After Samba 3.0, the default is to use the TDB library (Trivial database), which is used to view and manipulate the TDB library, but the results are somewhat similar to the 16 data, generally not used, Need to install Tdb-tools package;

The/USR/BIN/{SMBPASSWD,PDBEDIT}:SMBPASSWD command is used to create the samba user and modify the password, which is the function of the passwd command. After Samba 3.0, the PDB library is used, and the Pdbedit command is the Information Management command for the samba user in the new version;

/usr/bin/testparm: Used to test the correctness of smb.conf syntax.

/usr/bin/smbclient: The resources that Samba shares can be managed interactively, somewhat similar to FTP commands;

/usr/bin/nmblookup:netblos query tool, similar to the function of Nslookup;

/usr/bin/smbtree: View workgroup and host names on your network, and so on, somewhat similar to the online neighborhood in Windows

Use examples:

1, Tdbdump

# tdbdump passdb.tdb {key  =  "rid_000003e8\00" data (6)  =  "usera\00"} {key (one)  =  "user_usera\00" data ()  =  "\00\00\00\00\7f\a9t|\7f\ a9t|\00\00\00\00bd\f5u\00\00\00\00\7f\a9t|\06\00\00\00usera\00\04\00\00\00www\00\01\00\00\00\00\01\00\00\00\00 \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\ E8\03\00\00\01\02\00\00\00\00\00\00\10\00\00\00\e5\81\0f<\99\ae*\bb\222\ed\84x\a6\13\09\00\00\00\00\10\00\ 00\00\a8\00\15\00\00\00 \00\00\00\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\00\00\00 \00\00\00\00\00\00\00\00\00\00\00\00\ec\04\00\00 "} {key  = " info/minor_version\00 "data (4)  =& nbsp; " \00\00\00\00 "} {key (9)  = " next_rid\00 "data (4)  = " \e9\03\00\00 "} {key (+)  =  INFO /version\00 "Data (4)  = " \04\00\00\00 "} 


2, Tdbtool

# tdbtool passdb.tdb tdb> list hash=23  rec:  Hash=23 offset=0x00001e38 next=0x00000000 rec_len=28 key_len=13 data_len=6 full_ hash=0xc6948dbc magic=0x26011999 hash=33  rec: hash=33 offset=0x00001e6c next=

0x00000000 rec_len=228 key_len=11 data_len=182 full_hash=0x41061b85 magic=0x26011999 hash=52  rec: hash=52 offset=0x00001f68 next=0x00000000 rec_len=32 key_len=19  data_len=4 full_hash=0x538a9285 magic=0x26011999 hash=65  rec: hash=65 offset= 0x00001fd4 next=0x00000000 rec_len=20 key_len=9 data_len=4 full_hash=0x70a13a4c  magic=0x26011999 hash=103  rec: hash=103 offset=0x00001fa0 next=0x00000000 rec_len=28  key_len=13 data_len=4 full_hash=0xf2394cd5 magic=0x26011999 freelist: 


3, SMBPASSWD and Pdbedit

Before you create a samba user, you need the user to exist locally

# useradd-g users smb1
# useradd-g users smb2
# echo 361way.com | passwd--stdin smb1
# echo 361way.com | passwd--stdin SMB2


Use SMBAPSSWD to create:

SMBAPSSWD Common items:


-A: Create a new user, without a parameter directly with the user to modify the user password;
-C: Specifies the location where the password file is generated;
-x: Delete user;
-D: Temporarily disable a user;
-e:enable a user;
-D: Specifies the debug level;
-N: Sets a user's password to be null, the user uses the blank password in the SMB.CONF global item configuration null passwords = yes;
# smbpasswd-a SMB1
New SMB Password:
Retype new SMB Password:
Added user Smb1.
Use the Pdbedit command to create:

Pdbedit Common options:
-L: Lists samba users and information;
-V: needs to be executed with-l to list more information;
-W: needs to be executed with-l, using the old version of the SMBPASSWD format to display information;
-A : Add samba users;
-r: Modify a user's information, with a lot of special parameters, please man pdbedit;
-x: Delete a user, you can use-l to find the user before? h except;

#&nbsp;pdbedit&nbsp;-a&nbsp;-u&nbsp;smb2 New&nbsp;password:retype&nbsp;new&nbsp;password:unix&nbsp;username: &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;SMB2 nt&nbsp;username:account&nbsp;flags:&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[u&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;] User&nbsp;SID: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; s-1-5-21-1462619673-710706269-1943266961-1002 primary&nbsp;group&nbsp;sid:&nbsp;&nbsp;&nbsp;&nbsp; s-1-5-21-1462619673-710706269-1943266961-513 full&nbsp;name:home&nbsp;directory:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp; \\WWW\SMB2 homedir&nbsp;drive:logon&nbsp;script:profile&nbsp;path:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; \\www\smb2\profile domain:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;www account&nbsp;desc:workstations:munged&nbsp;dial:logon&nbsp;time:&nbsp;&nbsp;& nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0 logoff&nbsp;time:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;wed,&nbsp;06 &NBSP;FEB&NBSP;2036&NBSP;23:06:39&NBSP;CST kickoff&nbsp;time:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;WED,&NBSP;06&NBSP;FEB&NBSP;2036&NBSP;23:06:39&NBSP;CST password&nbsp;last&nbsp;set:&nbsp;&nbsp;&nbsp; &NBSP;SUN,&NBSP;13&NBSP;SEP&NBSP;2015&NBSP;21:09:45&NBSP;CST Password&nbsp;can&nbsp;change:&nbsp;&nbsp;sun, &NBSP;13&NBSP;SEP&NBSP;2015&NBSP;21:09:45&NBSP;CST Password&nbsp;must&nbsp;change:&nbsp;never Last&nbsp;bad &nbsp;password&nbsp;&nbsp;&nbsp;:&nbsp;0 bad&nbsp;password&nbsp;count&nbsp;&nbsp;:&nbsp;0 Logon&nbsp;hours&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;:&NBSP;FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF pdbedit&nbsp; is a new directive, but cannot modify the user password, so it is still unable to completely replace the role of SMBPASSWD.

4, Testparm

Testparm is a grammar test command, as follows:

&nbsp; #&nbsp;testparm load&nbsp;smb&nbsp;config&nbsp;files&nbsp;from&nbsp;/etc/samba/smb.conf rlimit_max:&nbsp; increasing&nbsp;rlimit_max&nbsp; (1024) &nbsp;to&nbsp;minimum&nbsp;Windows&nbsp;limit&nbsp; (16384) processing
&nbsp;section&nbsp; [Homes] "processing&nbsp;section&nbsp;" [Printers] "processing&nbsp;section&nbsp;" [public] "
Loaded&nbsp;services&nbsp;file&nbsp;ok. Server&nbsp;role:&nbsp;role_standalone Press&nbsp;enter&nbsp;to&nbsp;see&nbsp;a&nbsp;dump&nbsp;of&nbsp;your &nbsp;service&nbsp;definitions [Global] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;workgroup&nbsp;=&nbsp; MyGroup &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;server&nbsp;string&nbsp;=&nbsp;Samba&nbsp;Server&nbsp; Version&nbsp;%v &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;map&nbsp;to&nbsp;guest&nbsp;=&nbsp;Bad&nbsp; User &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log&nbsp;file&nbsp;=&nbsp;/var/log/samba/log.%m &nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;max&nbsp;log&nbsp;size&nbsp;=&nbsp;50 &NBSP;&NBsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;load&nbsp;printers&nbsp;=&nbsp;no &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;idmap&nbsp;config&nbsp;*&nbsp;:&nbsp;backend&nbsp;=&nbsp;tdb &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;cups&nbsp;options&nbsp;=&nbsp;raw [Homes] ............. ..... Slightly


5, Smbclient

Smbclient has two functions, one is query function, one is similar to FTP interactive management function, as follows:

Smbclient query for current shared information

#&nbsp;smbclient&nbsp;-l&nbsp;192.168.0.109 enter&nbsp;root ' S&nbsp;password:domain=[mygroup]&nbsp;os=[unix] &NBSP;SERVER=[SAMBA&NBSP;4.1.12] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sharename&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;comment &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

&nbsp;&nbsp;---------&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;----&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;------- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;disk&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;dir &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ipc$&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ipc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;IPC&nbsp;Service&nbsp; (samba&nbsp;server&nbsp;version&nbsp;4.1.12) Domain=[mygroup]&nbsp;os=[unix] &NBSP;SERVER=[SAMBA&NBSP;4.1.12] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Server&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbSp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;comment &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;---------&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-------


Usage of class FTP interactive management

# smbclient '//192.168.0.109/public '-u smb1

Enter smb1 ' password:

Anonymous login Successful

domain=[ MyGroup] Os=[unix] Server=[samba 4.1.12]

SMB: \> dir


# me? You can use common FTP directives such as Dir, get, and put to transfer files
? : List all the commands you can use, commonly used!
CDS: Switching directories
Del: Deleting files
LCD: Change the local directory
LS: View file information under the Samba share directory
Dir: Same as S
Get: Downloading Files
Mget: Multiple file downloads
Mput: Multiple file uploads
Put: Single File upload
RM: Deleting files
Exit: Exiting
# Internal More instructions can be viewed, or man smbclient can be obtained.
6, Smbtree

# Smbtree
Enter Root ' s password:
WORKGROUP
\\YNNYCSK9X26EZUE//My Win7 mainframe is here, too.
MyGroup
\\WWW Samba Server Version 4.1.12


7, the Client mount

Common parameters for Mount.cifs or mount-t cifs are (-O-back):

Username= login user name, such as USERNAME=SMB1;

password= login Password: corresponding to the above username;

iocharset= the default encoding of the machine, such as UTF8 or gb2312;

Codepage= the encoding of the remote host that provides the samba service, for example, under Windows Traditional Chinese for cp950 and Simplified Chinese for cp936.

Mount under Linux Client
# mount-t CIFS//192.168.1.109/smb1/mnt/samba \
-O username=smb1,password=361way.com,codepage=cp936
Mount under Windows Client, or you can enter \\IP in the start-run
NET Use Q: \\192.168.0.109\public
NET use H: \\192.168.0.109\shareFile "password"/user: "username"
Note: It is necessary to note that Linux and win under the Mount, the use of oblique direction is different.

8, Smbstatus

Used to view the client host information currently connected to the server side:

# smbstatus

Samba version 4.1.12

PID Username Group Machine

--------------------------------- ----------------------------------

2894 Nobody Nobody 192.168.0.104 (ipv4:192.168.0.104:50709)

Service pid Machine Connected at

-------------------------------------------------------

public 2894 192.168.0.104 Sun Sep 21:40:04 2015

No locked files


Third, the Samba service configuration

/etc/samba/smb.conf configuration file:

[Global] &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;workgroup&nbsp;=&nbsp;MYGROUP&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;//Working Group &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;netbios&nbsp;name&nbsp;&nbsp; &nbsp;&nbsp;=&nbsp;361way&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//netbios name &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

&nbsp;server&nbsp;string&nbsp;=&nbsp;samba&nbsp;server&nbsp;version&nbsp;%v&nbsp;&nbsp;&nbsp;//server string that can be written arbitrarily &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;unix&nbsp;charset&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp;utf8&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Coding for use under &nbsp;//linux &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;display&nbsp;charset&nbsp;=&nbsp;utf8&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;//the native display of the encoding &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;dos&nbsp;charset&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;= &nbsp;cp936&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// The code used under win &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;log&nbsp;file&nbsp;=&nbsp;/var/log/samba/log.%m&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;//Log File Location &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;maximum&nbsp;size&nbsp; Of&nbsp;50kb&nbsp;per&nbsp;log&nbsp;file,&nbsp;then&nbsp;rotate: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;max&nbsp;log&nbsp;size&nbsp;=&nbsp;50 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;security&nbsp;= &nbsp;user &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;passdb&nbsp;backend&nbsp;=&nbsp;tdbsam&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//specify the data format for the user name password store &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;passdb&nbsp;backend&nbsp;=&nbsp;tdbsam:/etc/samba/private/passdb.tdb&nbsp;&nbsp;//Specify the location of the password file &nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;passdb&nbsp;backend&nbsp;=&nbsp;ldapsam: "ldap://ldap-1.example.com &nbsp; LDAP://LDAP-2.example.com "&nbsp;//uses LDAP authentication, followed by an alternate node &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;map&nbsp;to&nbsp;guest &nbsp;=&nbsp;bad&nbsp;user&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// Turn on anonymous access &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;interfaces&nbsp;=&nbsp;lo&nbsp;eth0&nbsp;192.168.12.2/24 &nbsp;192.168.13.2/24&nbsp;&nbsp;&nbsp;//listening for native ports and using IP, default listener for all &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; hosts&nbsp;allow&nbsp;=&nbsp;192.168.12.&nbsp;&nbsp;192.168.13.&nbsp;except&nbsp;192.168.12.100&nbsp;&nbsp;// Allow connected IP network segments, default allow all &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cluster&nbsp;addresses&nbsp;=&nbsp;10.0.0.1 &nbsp;10.0.0.2&nbsp;10.0.0.3&nbsp;&nbsp;&nbsp; Cluster Setup &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;username &nbsp;map&nbsp;=&nbsp;/usr/local/samba/lib/users.map&nbsp;&nbsp;&nbsp;//User name Correspondence mapping &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;logon&nbsp;drive&nbsp;&nbsp;&nbsp;=&nbsp;K:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;//windows the local letter name mapped when automatic mount &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;logon&nbsp; script&nbsp;&nbsp;=&nbsp;startup.bat&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//scripted programs automatically executed after client access &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;time&nbsp;server&nbsp;&nbsp;&nbsp;=&nbsp;yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//automatically lets &nbsp;windows host &nbsp; &nbsp;Samba&nbsp; server time sync &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;admin&nbsp;users&nbsp;&nbsp;&nbsp;=&nbsp;root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//Default Admin user &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;logon&nbsp; path&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp; \\%n\%u\profile &nbsp;//User's personalized settings &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;logon&nbsp;home&nbsp;&nbsp;&nbsp;&nbsp;=&nbsp; \\%n\%u &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

&nbsp;//User's home directory location! &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set&nbsp;quota&nbsp;command&nbsp;=&nbsp;/usr/local/sbin/set_quota&nbsp;&nbsp;&nbsp;//disk quota related &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;load&nbsp;printers&nbsp;= &nbsp;yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;//Open Printer Sharing &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cups&nbsp;options&nbsp; =&nbsp;raw &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;obtain&nbsp;a&nbsp;list&nbsp;of&nbsp;printers &nbsp;automatically&nbsp;on&nbsp;unix&nbsp;system&nbsp;v&nbsp;systems://Common options for specific shared Items

[Share name]
comment= suggestive Information
Path= a specific shared directory path
Browseable= whether the user is allowed to view, yes or no
Writable= whether there is write permission, yes or no
Create mode and directory mode, default permission settings, such as: force create mode = 0755, Default is 000
writelist = user, @ Group? In addition to @, there are +, & two symbols
I've commented on most of the above options, and here's a few more typical sections to go through.

Security = User: In the old version, the option in the share, user, Domain,share is open anonymous defense, in the new version of the item due to safety considerations were canceled. The default is user, and you want to open the map to guest row behind anonymous anti-Q Plus. The new version of the security behind can be followed by the auto, USER, DOMAIN, ADS (Windows AD domain);

Logon script = Startup.bat: Automate scripts, and when used for Windows client access, automatically maps access directories to this site, such as the use of scripting content here:

NET time \\192.168.0.109/set/yes
NET use K:/samba or
NET Use Q: \\192.168.0.109\public
Note that the above content needs to be edited under Windows, and if you use Linux to edit, you need to use the Unix2dos command to convert.

For more configuration, use the man smb.conf view.

Four, firewall and SELinux

Ports that need to be released on the firewall are UDP 137, 138--NMBD service footprint, TCP 139, 445--SMBD service usage:

#&nbsp;netstat&nbsp;-ntlup|grep&nbsp;mb tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0&nbsp;0.0.0.0:139&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;0.0.0.0:*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; LISTEN&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2483/SMBD tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;0.0.0.0:445&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0.0.0.0:*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;LISTEN&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2483/SMBD tcp6&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;:::139&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP:::* &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;LISTEN&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2483/SMBD tcp6&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;:::445&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP:::* &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;LISTEN&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2483/SMBD udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0&nbsp;192.168.0.255:137&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0.0.0.0:*&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2489/NMBD udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;192.168.0.109:137&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0.0.0.0:* &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2489/NMBD udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0&nbsp;0.0.0.0:137&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;0.0.0.0:*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2489/NMBD udp&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;192.168.0.255:138&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0.0.0.0:*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2489/NMBD udp&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;192.168.0.109:138&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0.0.0.0:*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;2489/NMBD udp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;0.0.0.0:138&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0.0.0.0:*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2489/nmbd

Use the following command to release:

Firewall-cmd--permanent--add-port=137-138/udp
firewall-cmd--permanent--add-port=139/tcp
firewall-cmd--reload
selinux related items are described in the comments section of/etc/samba/smb.conf, as follows:
modify the upper and lower files for a shared directory as Samba_share mode
# CHCON-T samba_share_t/test
System directory needs to be opened when read and write:
# setsebool-p Samba_export_all_ro on
# setsebool-p Samba_expor T_ALL_RW on Home
directory share needs to be
used when #setsebool-p samba_enable_home_dirs on
domain control (generally not used)
# setsebool-p Samba_domain_controller on

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.