Ubuntu configuration Samba file sharing server

Samba is a free software that implements the SMB protocol on Linux and UNIX systems, consisting of servers and client programs. SMB(Server Messages block, information service blocks) is a communication protocol that shares files and printers on a local area network . It provides shared services for files and printers among different computers in the LAN.

Environment: win7_64 bit +vmware11+ubuntu1204

One, like other network services, the use of Samba services must ensure that the server and the client can be networked, that is, to be able to ping, or debug the network first.

Second, if you are using a previous version of Ubuntu1204, we recommend uninstalling Samba,smbclient,samba-common first.

1  sudo apt-get remove samba-common  2sudo apt-get remove smbclient 
    
     3
     sudo apt-get remove Samba
    

Download and install Samba services:

  1    sudo  apt-get  Install  samba  2  sudo  Apt-get install  samba-3  sudo  apt-get install  smbfs 
    
     //
      4  install  cifs-utils  new version ubuntu1204 installed 

Note: If an error occurs during the installation of Samba

Samba:Depends:libwbclient0 (= 2:3.6.3-2UBUNTU2) but 2:3.6.3-2ubuntu2.3 was to be installed

Then reinstall Samba after uninstalling

sudo apt-get remove libwbclient0 Samba-common Samba

sudo apt-get install Samba//apt-get automatically complements dependent packages

Third, create a shared directory

sudo mkdir/home/share
Sodu chmod 777/home/share

Four, start configuring/etc/samba/smb.conf

1. Save the existing configuration file

sudo cp/etc/samba/smb.conf/etc/samba/smb.conf.bak

2. Modify the current configuration file

sudo vi/etc/samba/smb.conf

3. Last added in smb.conf

[Share]
Path =/home/share #共享目录绝对路径
available = yes #共享资源可用
browseable = yes #共享目录可浏览
Public = yes #允许匿名用户登录
writable = yes #共享目录可写

"Shared Properties in detail"

comment = arbitrary string

Description: Comment is a description of the share, which can be any string.

Path = shared directory path

Description: Path is used to specify the paths to the shared directory. You can use a macro such as%u,%m instead of the NetBIOS name of the UNIX user and client in the path, and use a macro to represent the primary use of the [homes] shared domain. For example, if we do not intend to use the home segment as the customer's share, but in/home/share/for each Linux user with his user name to create a directory, as his shared directory, so that path can be written as: path =/home/share/%u;. When the user connects to this share the specific path will be replaced by his user name, note that the user name path must exist, otherwise, the client will not find the network path when accessing. Similarly, if we do not divide the directory by the user, but instead use the client to partition the directory, each machine that can access samba on the network has its own path to its NetBIOS name, and as a shared resource for different machines, it can be written as follows: Path =/home/share/%m.

browseable = yes/no

Description: Browseable is used to specify whether the share can be browsed.

writable = yes/no

Description: Writable is used to specify whether the shared path is writable.

available = yes/no

Description: Available is used to specify whether the shared resource is available.

Admin users = Manager of this share

Description: The admin users use to specify the administrator for the share (with Full Control permissions on the share). In Samba 3.0, this entry is not valid if the user authentication method is set to "Security=share".

For example: admin users =bobyuan,jane (separated by commas between multiple users).

Valid users = Allow access to the shared user

Description: The valid user is used to specify which users are allowed access to the shared resource.

For example: Valid users = Bobyuan, @bob, @tech (multiple users or groups are separated by commas, if you want to join a group it is represented by the "@+ group name". )

Invalid users = prohibit access to the shared user

Description: The invalid user is used to specify users who are not allowed to access the shared resource.

For example: invalid users = root, @bob (separated by commas between multiple users or groups.) )

Write list = user allowed to write to the share

Description: The Write list is used to specify the user who can write to the file under the share.

For example: Write list = Bobyuan, @bob

Public = yes/no

Description: Public is used to specify whether the share allows the Guest account access.

Guest OK = yes/no

Description: Meaning is the same as "public".

　　　　Note: If you are not accustomed to using configuration files, you can also use the graphical interface

Install Ubuntu Samba Graphical management interface

sudo apt-get install System-config-samba

Start the Samba graphical management interface
sudo system-config-samba

　　

Five. Create a Samba account

sudo touch/etc/samba/smbpasswd
sudo smbpasswd-a John

　　　You will then be asked to enter the password for your Samba account

[If you do not have this step, you will be prompted when you log in to the session setup Failed:nt_status_logon_failure]

　　　

Use of the SMBPASSWD command:
Smbpasswd-a increase the user (the user to be added must be a system user)
Smbpasswd-d freezes the user, that is, the user cannot log in
SMBPASSWD-E restores the user, thaws the user, and allows the frozen user to use the
Smbpasswd-n set the user's password to NULL to write NULL in global passwords-true
Smbpasswd-x Deleting a user

Six, restart Samba after configuration is complete
SUDO/ETC/INIT.D/SMBD restart

Seven, test and use

Test: Input Smbclient-l//localhost/share

Use: to Windows enter "\ \" + "Ubuntu machine IP or hostname" + "\ \" + "share" in the folder

Advanced: User Account Mapping

Samba's user account information is stored in the smbpasswd file, and the account that can access the Samba server must correspond to a system account with the same name. Based on this, so, for some hacker, as long as the Samba server drops Samba account, it is equal to know the Linux system account number, as long as crack its Samba account password to exploit can attack the Samba server. So we're going to use the User Account mapping feature to solve this problem.

User Account mapping This feature requires an account mapping relationship table that records the relationship between the Samba account and the virtual account, and the client accesses the Samba server using the virtual login.

1) Edit the master profile vi/etc/samba/smb.conf
Add a row of fields under global username map =/etc/samba/smbusers Turn on the User Account mapping feature.

2) Edit Vi/etc/samba/smbusers
The Smbusers file holds the account mapping relationship, which has a fixed drop format:
Samba Account Number = Virtual account (Map account)
MyName = Networkusername
Account MyName is the Samba account (also the Linux system account number) that we set up above, Networkusername is the account name (virtual account number) that is mapped, account number MyName access to the shared directory as long as the input networkusername can be successfully accessed, but actually access to the Samba server is our myname account, which resolves the security issue.

　　

Ubuntu configuration Samba file sharing server