SMB (Server Message Block): a protocol for sharing folders and printers on a LAN. It can run on top of TCP/IP or on other network protocols.
Samba provides two services:
smbd: file sharing service
nmbd: name resolution service
A further process, winbindd, joins the Linux host to a Windows domain so that it can use resources in that domain.
Packages: samba (server), samba-client (client), samba-common (extra components)
samba-swat: web-based interface for managing the samba server configuration.
samba-client and samba-common are installed by default.
Main configuration file: /etc/samba/smb.conf
Startup script: /etc/init.d/smb
Syntax checker: testparm
Ports:
137/udp (providing service to others, server side): NetBIOS service
138/udp (accepting service from others, client side): NetBIOS service
139/tcp (file transfer), 445/tcp (file transfer)
Main configuration file parameters:
[global]
# Workgroup
workgroup = MYGROUP
# Description
server string = Samba Server Version %v
# Interfaces to listen on
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
# ACL whitelist
hosts allow = 127. 192.168.12. 192.168.13.
# Log file (%m is the client machine name)
log file = /var/log/samba/%m.log
# Security level (default: user)
security = user
Security levels:
share: users can log in directly without an account and password; this is the least secure level.
user: a valid account and password must be entered, and the server's shared resources can be used only after verification.
server: as with the user level, a valid account and password must be entered, but password verification is carried out by another SMB server, which must be specified with the "password server" option.
[homes]
# Comment (description of the share)
comment = Home Directories
# Whether the share can be seen when browsing
browseable = no
# Whether the share is writable
writable = yes
# Which users can use this type of share
; valid users = %S
; valid users = MYDOMAIN\\%S
[printers]
# Marks the share as a print device
printable = yes
Share a directory:
[root@mail samba]# mkdir /share
Edit /etc/samba/smb.conf and add a shared directory:
[tools]
comment = Public Software
path = /share
browseable = yes
writable = yes
# Allow everyone to access (public is a synonym for guest ok)
public = yes
Save and exit.
Adding samba users:
smbpasswd -a  Add a user
          -d  Disable a user
          -e  Enable a user
          -x  Delete a user
PS: A user that accesses Samba must be an existing system account, but the password used is the one set in samba, not the system password.
Put SELinux into permissive mode (to keep it enforcing, use the SELinux steps further down instead):
[root@mail samba]# setenforce 0
Add write permission for the user:
[root@mail samba]# setfacl -m u:lucy:rwx /share
Only allow certain users to have write access:
Edit the main configuration file:
[tools]
comment = Public Software
path = /share
browseable = yes
# To give a group of users write access instead, use: write list = @develop
write list = lucy
public = yes
Add write permission on the /share directory for the group:
[root@mail samba]# setfacl -m g:develop:rwx /share/
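
The settings covered so far (security level, hosts allow whitelist, public and writable shares) can be checked mechanically before a configuration goes live. The following Python audit is an added example, not part of the original page or of Samba; the function names, issue labels and sample configuration are constructed for illustration.

```python
import configparser

# Constructed sample mirroring the [global] section and first [tools] share above.
SAMPLE = """\
[global]
    workgroup = MYGROUP
    security = user
    hosts allow = 127. 192.168.12. 192.168.13.
[homes]
    browseable = no
    writable = yes
[tools]
    path = /share
    writable = yes
    public = yes
"""

TRUE = {"yes", "true", "1"}

def is_on(section, names, default=False):
    """Boolean value of the first synonym present in the section."""
    for name in names:
        if name in section:
            return section[name].strip().lower() in TRUE
    return default

def audit(text):
    """Return (section, issue) pairs for risky settings in smb.conf text."""
    # smb.conf ignores leading whitespace, but configparser would read
    # indented lines as continuations, so strip every line first.
    text = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    glob = cp["global"] if cp.has_section("global") else {}
    if glob.get("security", "user").strip().lower() == "share":
        findings.append(("global", "security-share"))
    if not glob.get("hosts allow", glob.get("allow hosts", "")).strip():
        findings.append(("global", "no-hosts-allow"))
    for name in cp.sections():
        if name == "global":
            continue
        sec = cp[name]
        guest = is_on(sec, ("public", "guest ok"))
        write = (is_on(sec, ("writable", "writeable"))
                 or not is_on(sec, ("read only",), default=True))
        if guest and write:
            findings.append((name, "guest-writable"))
    return findings

if __name__ == "__main__":
    for section, issue in audit(SAMPLE):
        print(f"[{section}] {issue}")
```

The first [tools] definition is reported as guest-writable, while the write list variant is not, because guests there only get read access.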
With SELinux enabled, allow users to have write access:
First change the label of the directory:
[root@mail samba]# chcon -R -t samba_share_t /share
[root@mail samba]# ls -dZ /share
drwxrwxr-x+ root root root:object_r:samba_share_t /share
Open access to samba home directories:
[root@mail samba]# setsebool -P use_samba_home_dirs 1
[root@mail samba]# setsebool -P samba_enable_home_dirs 1
Using smbclient to access shared resources:
List the shared resources that can be accessed on the target host:
[root@mail samba]# smbclient -L //192.168.0.39
View as a specific user:
[root@mail samba]# smbclient -L //192.168.0.39 -U Lucy%lucy
Access a shared directory:
[root@mail samba]# smbclient //192.168.0.39/tools -U lucy
Mount the remote shared directory on a local directory:
[root@mail ~]# mount -t cifs //192.168.0.39/tools /samba -o username=lucy
Mount automatically at boot:
Edit /etc/fstab:
//192.168.0.181/tools /mnt cifs credentials=/etc/samba/cred 0 0
credentials=/etc/samba/cred is the file where the login information is stored.
Create the cred file (it holds the password in clear text, so make it readable by root only):
username=lucy
password=lucy
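
A check for the fstab and credentials file setup described above, written as an added Python example (not from the original page): it flags cifs entries that carry the password inline, credentials files that other users can read, and files missing the username or password key, which also catches a misspelled key. The function names and problem labels are constructed for illustration.

```python
import os
import tempfile

REQUIRED_KEYS = ("username", "password")  # the two keys this page puts in cred

def check_credentials(path):
    """Problems with one credentials file: permissions and expected keys."""
    problems = []
    if os.stat(path).st_mode & 0o077:      # any group/other permission bit
        problems.append("mode-too-open")
    with open(path) as fh:
        keys = {line.split("=", 1)[0].strip() for line in fh if "=" in line}
    problems += [f"missing-{k}" for k in REQUIRED_KEYS if k not in keys]
    return problems

def audit_fstab(fstab_text):
    """Return (share, problem) pairs for every cifs entry in fstab text."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] != "cifs":
            continue
        share = fields[0]
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            if key in ("password", "pass"):
                # fstab is normally world-readable, so the password would be too
                findings.append((share, "inline-password"))
            elif key in ("credentials", "cred"):
                if os.path.isfile(value):
                    findings += [(share, p) for p in check_credentials(value)]
                else:
                    findings.append((share, "credentials-file-missing"))
    return findings

if __name__ == "__main__":
    # Constructed demo: a credentials file with a misspelled key and mode 644.
    cred = os.path.join(tempfile.mkdtemp(), "cred")
    with open(cred, "w") as fh:
        fh.write("uername=lucy\npassword=lucy\n")
    os.chmod(cred, 0o644)
    fstab = f"//192.168.0.181/tools /mnt cifs credentials={cred} 0 0\n"
    for share, problem in audit_fstab(fstab):
        print(share, problem)
```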
Implementing samba access control
Edit the main configuration file (line 81):
hosts allow = 127. 192.168.0.
Set iptables rules:
[root@mail ~]# iptables -t filter -A INPUT -s 192.168.0.1 -d 192.168.0.39 -p tcp -m multiport --dports 139,445 -j ACCEPT
[root@mail ~]# iptables -t filter -A INPUT -s 192.168.0.1 -d 192.168.0.39 -p udp -m multiport --dports 137,138 -j ACCEPT
[root@mail ~]# iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 192.168.0.39 -p tcp -m multiport --dports 139,445 -j REJECT
[root@mail ~]# iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 192.168.0.39 -p udp -m multiport --dports 137,138 -j REJECT