Linux samba file sharing

SAMBA software is used to share files between different platforms (Linux/Unix/Windows
). 1SMB: Service Message Block program full name

CIFS: Common Internet FileSystem program full name

2

The three processes started by samba are all implemented with Windows host. File Sharing to Work

smbd: Share Files

nmbd: Broadcast Your IP to Windows Hosts

winbind: Default does not start, Linux host is used in Windiws domain

3

Port: 137/UDP (netbios), 138/UDP (netbios), 139/TCP (netbios), 445/TCP (smb over TCP/IP)

4

Package:

samba.i386 server-side package

samba-swat.i386 samba

5

Configuration file:

/etc/init.d/smb

/etc/samba/smb.conf

6

Ps: In the new version, samba accepts selinux control, so in configuration, we should first close selinux

7

configuration file:

[global]

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 listening IP

; hosts allow = 127. 192.168.12. 192.168.13. Allowed IP

; Log file = /var/log/samba/%m.log The log macro %m indicates the current host Machine name

; max log size = 50 log file size

security = user samba security level, mainly based on user authentication method

share: public

User: password based on username

domain: according to domain

server: centralized authentication

ads:

passdb backend = database file for tdbsam account< Br>

[homes]

comment = Home Directories Description

browseable = no Do not allow random browsing

writable = yes Allow uploading files

; valid users = %S Define which users can access this share

[printers]

comment = All Printers Show all printers

path = /var/spool/samba Printers that can be accessed

browseable = no Do not allow anonymous access to the printer

guest ok = no Whether the guest account allows access to the printer

writable = no

Printable = yes

; [netlogon]

; comment = Network Logon Service

; path = /var/lib/samba/netlogon

; guest ok = yes

; writable = no

; share modes = no

; [ ,null,null,3],Pr Ofiles]

; path = /var/lib/samba/profiles

; browseable = no

; guest ok = yes

8

When we use user login, we need to create a username and password for samba, and directly add the local user as a samba user. Use the smbpasswd command

smbpasswd< Br>

-a Add samba user

-x Delete user

-d Temporarily disable a user

-e Enable disabled account

9

testparm checks the configuration file, hit enter to display the command in effect

10

Instance:

#yum install samba

#vim /etc/samba/smb.conf

Add a shared directory at the end:

[share] Is a shared directory

comment = my share folder

path = /sharing

browseable = Yes

guest ok = Yes

writable =Yes

(writable = Yes and read only =No have the same effect)

#testparm Checking the configuration file

#useradd zoe Creating a user

#smbpasswd -a zoe Add users to samba and add passwords

#chcon -R -t samba_share_t /sharing/Recursively modify its label, this will be spoken in selinux

#setfacl –mu:zoe:rwx /sharing User's permission for /sharing

End

You can now use the Network Neighborhood Workgroup to search for this host in Windows and log in to access the sharing directory

11

How to use Linux as a client to access samba shared files:

The command we use here is smbclient:

Smbclient

-L hostname/IP View specified Shared resources on the host

-U username[%password] Login with the specified username

smbclient //HOST/SHARE -U username%passwd

Example: smbclient //192.168.0.3/share -U zoe%redhat

12

Access Control:

Adding the [share] in front of you can restrict the /sharing directory< Br>

hosts allow = 192.168.12. Allow host access on 192.168.12.0 network segment

testpqrm /etc/samba/smb.conf station34.example.com 192.168.0.34 Test if the specified host can access Specified shared file

Write access control :

write list = @peguin means that only members of the group can be written

write list = @zoe means that only zoe users can write

13

Let a group have write access:

groupadd peguin

useradd -G peguin fedora

usradd -G peguin gentoo

smbpasswd -a fedora

smbpasswd -a gentoo

setfacl -mg:peguin:rwx /sharing/

At this point, members of the peguin family can access the shared folder

14

We closed selinux in front, then we can also open selinux and modify its rules to support our work on samba.

Modify selinux to support some of samba's features:

selinux defaults to not support samba home directory

getsebool -a |  Grep samba View options for samba in selinux

samba_domain_controller --> off

samba_enable_home_dirs --> off This means that home directories are not allowed

samba_export_all_ro -- > off

samba_export_all_rw --> off

samba_share_nfs --> off

use_samba_home_dirs --> off

virt_use_samba --> Off

setsebool -P samba_enable_home_dirs=1 -P means to modify the original file to make it permanent.

This way selinux does not affect our samba

15

We can also directly mount the samba directory shared by other Linux hosts to the machine, so it is very convenient~

mounting other host sharing Samba directory:

mount -t cifs //192.168.0.73/share /mnt -o username=redhat

means to mount the shared share directory on the 0.73 host to the local /mnt directory. The username used is redhat