Shulou(Shulou.com)06/03 Report--

Samba is a free software that implements SMB protocol on Linux and UNIX systems, which is composed of server and client programs.

We have learned before that NFS and FTP,NFS, like samba, are also an implementation of file sharing on the network, but unfortunately, it does not support the windows platform, and the samba mentioned in this chapter is an implementation that can share files between any host that supports the SMB protocol, including windows.

SMB (Server Messages Block, Information Service Block) is a communication protocol for sharing files and printers on the LAN. It provides sharing services for files, printers and other resources between different computers in the LAN.

SMB protocol is a C / S protocol, through which clients can access shared file systems, printers and other resources on the server.

By setting "NetBIOS over TCP/IP", Samba can share resources not only with local area network hosts, but also with computers all over the world.

The Samba listening ports are:

Port 139445 of tcp

Port 137138 of udp

The service corresponding to the tcp port is the smbd service, which provides shared access to files and print resources in the server.

The service corresponding to the udp port is the nmbd service, which provides resolution based on the NetBIOS host name

Samba service script:

/ etc/rc.d/init.d/nmb

/ etc/rc.d/init.d/smb

Samba process:

Nmbd: corresponding to netbios

Smbd: corresponding to cifs protocol

Winbindd + ldap: corresponding to Windows AD active Directory

Samba users:

Account number: all system users, / etc/passwd

Password: Samba service has its own password file, which is set by the smbpasswd-a USERNAME command

Samba security level:

There are four security levels for Samba servers, which are share,user,server,domain

Share: indicates anonymous access

User: indicates locally based authentication

Server: indicates that the identity of the user is authenticated by another specified server

Domain: indicates that authentication is carried out by domain control

Samba configuration file: / etc/samba/smb.conf

By default, the configuration content of the Samba main configuration file contains three parts, namely, [global] global configuration, [homes] host directory sharing settings, and [printers] printer sharing settings.

[global] globally configured settings are valid for the entire samba server

[homes] is used to set the default share for Linux users, corresponding to the user's host directory. When a user accesses a shared directory with the same name as his user name on the server, it will be automatically mapped to the user's host directory after authentication.

Specific configuration parameters:

Workgroup # indicates the name of the setup workgroup; server string # describes the samba server; security # indicates setting the security level. The values can be share, user, server, domain;passdb backend # indicate the type of shared account file, and the values can be tdbsam (tdb database file), ldapsam (LDAP directory authentication), smbpasswd (compatible with older samba password files) Comment # means to set the comments corresponding to the shared directory, that is, the file sharing name; browseable # to set whether the share is visible; writable # to set the directory to be writable; path # to indicate the path to the shared directory; guest ok # to set whether the shared directory is accessible to everyone; printable # to indicate whether the setting is a printer

Test the configuration file for syntax errors and display the configuration that will eventually take effect: use the testparm command

Testparm

Web interface configuration samba:

The samba-swat package provides the ability to configure samba on the web interface. It comes with web services. The default port is 901, and it is managed through xinetd.

Samba access method: as a client

Interactive data access:

Smbclient-L HOST-U USERNAMEsmbclient / / SERVER/shared_name-U USERNAME

Access based on mount:

Mount-t cifs / / SERVER/shared_name-o username=USERNAME,password=PASSWORD

Smbpasswd command:

-a Sys_User: add a system user as a samba user and set a password for it

-d: disable user account

-e: enable user account

-x: delete user account

Samba example:

# install samba server using yum command: yum-y install samba-*# configure selinux security mechanism (excluding the # of lines 26 and 29): sed-I '26d' / etc/samba/smb.confsed-I' 25a setsebool-P samba_domain_controller on' / etc/samba/smb.confsed-I '29d' / etc/samba/smb.confsed-I' 28 a setsebool-P samba_enable_home_dirs on' / etc/samba/smb.conf# after these two lines take effect Your own home directory can read and write normally. # if you want to set the / test directory to a full share, you need to change the selunux:#chcon-t samba_share_t / test# of the file directory to set the sharing type, with anonymous access and local user authentication The default is user user authentication: # set to anonymous sharing: # sed-I '101d' / etc/samba/smb.conf#sed-I' 100a security = share' / etc/samba/smb.conf# set to local user authentication: # sed-I '101d' / etc/samba/smb.conf#sed-I' 100a security = user' / etc/samba/smb.conf# set to another server for remote authentication: # sed -I '101d' / etc/samba/smb.conf#sed-I' 100a security = server' / etc/samba/smb.conf# is set to domain control authentication: # sed-I '101d' / etc/samba/smb.conf#sed-I' 100a security = domain' / etc/samba/smb.conf# assume that there is now a folder called test Then set the share as follows: # set the identity of the share: echo'[test]'> > / etc/samba/smb.conf# set the display name of the share, that is, the name of the share you see when you access it Suppose the share name is test:echo 'comment = test' > > / etc/samba/smb.conf# sets the share path: echo' path = / test' > > / etc/samba/smb.conf# sets whether the share is visible: echo 'browseable = yes' > > / etc/samba/smb.conf# setting is accessible to everyone: echo' guest ok = yes' > > / etc/samba/smb.conf# setting directory is writable: echo 'writable = yes' > > / etc/samba/smb.conf# setting whether anonymous users are allowed to access: echo 'public = yes' > > / etc/samba/smb.conf# sets the users or groups that can be written: echo' write list = root @ root' > > / etc/samba/smb.conf# restrict the access side: # set the users or groups that can be accessed: echo 'valid users = root @ root' > > / etc/samba/smb.conf# setting denies access to users from 192.168.72.1: echo 'hosts deny = 192.168.72.1' > > / etc/samba/smb.conf# setting allows users from 192.168.72.2 to access: echo 'hosts allow = 192.168.72.2' > > / etc/samba/smb.conf# mapping shared directory: # create user one:#useradd one# for one user Create smb shared password: # smbpasswd-an one# assumes that one users are mapped to aaa users here Then add the following to the / etc/samba/smbusers file: # echo 'one = aaa' > > / etc/samba/smbusers# add the following to the global configuration: sed-I' 244 a username map = / etc/samba/smbusers' / etc/samba/smb.conf# start the smb service: # service smb start# restart the smb service: service smb restart# reloads the smb service: # service smb reload# sets the smb service as the system starts Start: chkconfig smb on# to establish a shared folder: mkdir / test

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.