Shulou(Shulou.com)05/31 Report--

This article is about how to deploy samba enterprise file server under RHEL6.5. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

1. Lab requirements:

1) install the samba service using the RPM package

2) implement anonymous access and verify that files and directories can be read and written

3) realize the access of the specified user

4) implement the access of the specified user and give the user different permissions

5) implement alias access for users and test permissions

6) implement restrictions on specific access addresses

7) access to shared resources in windows system

two。 Experimental environment:

Linux server system version: Red Hat Enterprise Linux 6.5 IP:192.168.10.3

Windows client system version: Windows 7 Ultimate x64 IP:192.168.10.2

Samba software version: samba-3.6.9

3. The steps of the experiment:

Basic installation operation

a. Mount the system CD and install samba

To install the samba service, you need to install it from the rpm package. The rpm installation package is usually placed in the Packages directory on the system CD. Let's first use the mount command to see if the CD is mounted to the system.

If it is not mounted, manually mount the CD to the system's mnt directory

Check that the CD has been mounted

Find the package for the samba service in the Packages directory and install it

b. View samba profile

After installing samba, we have to modify the configuration file if we want the server to work as we wish.

You can use rpm-qc to view a documentation installation location of the installed software

It is found that the conf configuration file is not displayed, but according to experience, generally the conf configuration file will be placed in the / etc directory, look in the / etc/samba/ directory, and find the main configuration file smb.conf

[root@localhost~] # more / etc/samba/smb.conf looks at the contents of the file and finds that the content is very long and there are a lot of # comments

To make it look convenient, we can filter out all lines with the # sign and save the filtered file contents as another file, smb.con:

[root@localhost ~] # grep-v "#" / etc/samba/smb.conf > / etc/samba/smb.con

Check and find that you already have the smb.con file. It is suggested that the configuration file that ends in .conf should not be deleted. You can change its name to make a backup, so that you can continue to modify it in case of configuration errors in the future.

[root@localhost ~] # cd / etc/samba # change to the samba directory [root@localhost samba] # mv smb.confsmb.conf.back # backup conf files [root@localhost samba] # mv smb.consmb.conf # rename smb.con to smb.conf

Implement anonymous access and verify that files and directories can be read and written

[root@localhostsamba] # vi smb.conf # Open the main configuration file [global] workgroup = MYGROUP server string = Samba Server Version% v; netbios name = MYSERVER; interfaces = lo eth0 192.168.12.2 to 24 192.168.13.2 to 24; hosts allow = 127. 192.168.12. 192.168.13. Log file = / var/log/samba/log.%m max log size = 50 security = share passdb backend = tdbsam

The above are the configuration contents of [global] global mode, and the rest can be kept by default. What we are concerned about is that if you want to achieve anonymous access, you only need to modify security to make the security level share (default is user).

The following is the configuration of the share shared directory by inserting the following line at the end of the configuration file

[share] # specify the share name of the directory path= / opt/share # specify the share share this directory public= yes # public=guest ok, set to yes to allow anonymous users to access browseable= yes # so that anonymous users can see the shared content createmask # Settings can have write permissions createmask = 0644 # set permissions for new files Indicates that the owner has read-write permission, while others only have read-only permission (rw-r--r--) directory mask = 0755 # set the permission to create a new directory, indicating that the owner has read-write permission, while others do not have write permission (rwxr-xr-x).

a. Modified script:

[root@localhostsamba] # mkdir / opt/share # create share shared directory [root@localhostsamba] # chmod 777 / opt/share # modify permissions to 777 [root@localhostsamba] # service smb start # start samba service

[root@localhostsamba] # netstat-ant # View the status of network ports

The ports of the 139,445 samba service are being monitored, and the samba service is normal, so you can test it on the client. The firewall and selinux must be turned off before testing

[root@localhost samba] # service iptables stop iptables: set chain to policy ACCEPT:filter [OK] iptables: clear firewall rules: [OK] iptables: uninstalling module: [OK] [root@localhost samba] # setenforce 0

b. Effect verification:

Test whether you can ping the server on the client

Enter\\ 192.168.10.3 in the search box of the start menu and you can see the shared folder named share

Enter the folder, you can create new files and folders, any content can be written in the files, and you can also create new files under the folder, which is the same as the settings in the configuration file. Anonymous access is successful.

When we go back to the server, we look at the files created by anonymous users under the shared folder and find that both the owner and the group are nobody. The permissions of the newly created files and folders are 644 and 755 respectively.

Nobody is a system account. If you visit the new account anonymously, it will be displayed as nobody.

Realize the access of the specified user

Because the user is to be specified for access, only the security needs to be modified in the [global] global mode.

Make the default security level user

Security = user

The following is configured according to the specific shared directory. Insert the following line at the end of the configuration file to create a shared configuration of a test directory that does not allow anonymous access. Only specified users can access it.

[test] # specify the share name of the directory path= / opt/test # specify the shared test directory browseable= yes # setting can see the shared content writable= yes # setting can have write permission createmask = 0644 # set the permission to create a new file, indicating that the owner has read and write permission Others only have read-only permission (rw-r--r--) directory mask = 0755 # set the permission to create a new folder, indicating that the owner has read and write permission, while others do not have write permission (rwxr-xr-x)

Of course, users in the system can also access the shared directory, but here we want to use samba's own account to access, two new accounts for samba without setting their password, so that they can be used as samba users but cannot log in to the system.

[root@localhost samba] # useradd jery # create account jery and jene [root@localhost samba] # useradd jene [root@localhost samba] # smbpasswd-ajery # set account to samba user and set password New SMB password: Retype new SMB password: Added user jery. [root@localhost samba] # smbpasswd-ajene New SMB password: Retype new SMB password: Added user jene. [root@localhost samba] # [root@localhost samba] # pdbedit-L # View the newly created samba account information jery:500: jene:501: [root@localhost samba] # mkdir / opt/test # create a shared directory test [root@localhost samba] # chmod 777/opt/test # modify permissions to 777 [root@localhost samba] # service smbrestart # restart the samba service, you can also use reload here However, reload reloads the configuration and will not completely disconnect from the client. Here, restart is used to shut down the SMB service: [OK] start the SMB service: [OK]

a. Modified script

b. Effect verification

Clear the previous connection on the client before testing, otherwise it will go directly to the shared directory because of the cache.

Enter\\ 192.168.10.3\ test in the search box of the start menu, jump out of the dialog box and enter the account number and password of jery

Jery this user can log in and can read and write to the test shared directory

Create a new file named jery in the shared directory, go back to the server to view the permissions of this file, and display it as jery

Implement the access of the specified user and give the user different permissions

Then, in order to test the different permissions of the accessed user, add the following two lines to the [test] configuration

Valid users = jery, jene # allows these two users to access write list = jene # only jene is allowed to write

a. Modified script

b. Effect verification

[root@localhostsamba] # service smb restart # restart the service

Shut down the SMB service: [OK]

Start the SMB service: [OK]

Net use * / d clear the connection on the client

Log in as jery this time to test writing to the file

At this time, it is clear that only jene can be written. why can you still write a file when you log in with jery? Let's go back to the server and check the configuration file

So for the configuration to take effect, you must delete the line configuration writable = yes

[root@localhostsamba] # service smb restart # restart the service

Shut down the SMB service: [OK]

Start the SMB service: [OK]

Clear the connection (net use * / d) or log in as jery and find that the file was rejected when the file was created

Go back to the server and write a line to the test file:

[root@localhostsamba] # echo "this is test" > / opt/test/test.txt

There is already a file named test on the client, which was rejected when opening the file and adding a line to it.

Exit jery, clear the connection, and then log in with jene. Jene writes to files and folders successfully.

Implement alias access for users and test permissions

There is a smbusers file in the samba directory that sets the alias

[root@localhostsamba] # vi smbusers

Opening this file and adding a line jene = t01 T02 T03 at the end of the file is equivalent to giving jene three aliases, mapping the last three user names to jene, the password remains the same, and the actual login account is still jene.

Then add: username map = / etc/samba/smbusers configuration mapping association to [global] in the main configuration file, and the user name points to the content set in the smbusers file.

a. Modified script

b. Effect verification

[root@localhostsamba] # service smb restart # restart the service

Shut down the SMB service: [OK]

Start the SMB service: [OK]

Client clears connection (net use * / d)

Log in with T01 account\\ 192.168.10.3

Seeing an extra shared folder named jene is because there is a configuration of [homes] home directory in the global configuration, and whoever logs in will share his home directory. Because T01 is still mapped to the jene account, jene will also see that his home directory is shared when he logs in, and any operation can be done in the shared folder of the home directory.

Create a new file named iamt01 in the test folder and go back to the server to check the properties of the file. Whether the owner and group are logged in by jene or by jene,t02 and T03 is the same, so there will be no more tests here.

Implement restrictions on specific access addresses

To deny access to anyone, just add a line to [test] in the main configuration file: hosts deny = 192. 168. 10. 10.0.0. # 192.168.10. Indicates the network segment 192.168.10.0, so that all hosts in this network segment are inaccessible. Here, the two network segments 192.168.10.0 and 10.0.0.0 are denied.

a. Modified script

b. Effect verification

[root@localhostsamba] # service smb restart # restart the service

Shut down the SMB service: [OK]

Start the SMB service: [OK]

Client clears connection (net use * / d)

Using the T02 account to access this time, you can access other shared folders, but because the client ip address is 192.168.10.2, it is in the network segment where the test shared folder is denied access, so when you open the test folder, you are prompted to deny access.

Realize access to shared resources in windows system

We shared a folder called LAMP on the client (win7 system)

[root@localhost samba] # smbclient-L192.168.10.2 # list the shared resources in the client

[root@localhost samba] # mount.cifs//192.168.10.2/LAMP / tmp/ # if you want to access this LAMP folder, you can mount the LAMP to the server's tmp directory

[root@localhost ~] # df-hT # check the mount condition. It has been mounted.

Check the contents of the mounted tmp directory. LAMP is full of tar packages.

[root@localhost samba] # cp/tmp/apr-1.4.6.tar.gz ~ # copy one of the compressed files to the root directory (the root directory can be / root or directly written as ~)

[root@localhostsamba] # umount / tmp # Uninstall the mounted LAMP from the tmp directory

Looking at the tmp directory after uninstalling shows the files and directories in the original tmp directory

Thank you for reading! On "how to deploy samba enterprise file server under RHEL6.5" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, you can share it out for more people to see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.