Shulou(Shulou.com)06/03 Report--

Build Samba platform and users modify their own password environment to build notes

System: CentOS release 6.5 (Final) x86x64

Software: samba # server

Samba-client # client

Samba-common # common tools and libraries

Apache:httpd

Web: changepassword-0.9.tar.gz # requires GCC to compile the source code package and install make

Hardware: Vmware10

Description: Samba in a workgroup environment

Matters needing attention in the construction of Samba platform and solutions to failures encountered

1. The permission setting of the shared directory and the relationship between the members and groups to which it belongs

2. The core configuration file of Samba service, smb.conf. The parameter settings of the shared directory should correspond to the above 1

Or make a mistake.

3. User and group creation details:

3-1 system creates OS account (cannot log in to OS) → creates password # changepassword program modifies password

3-2 Samba user, password creation # smbpasswd create access file service user and password

3-3 create groups → users join groups # users with different service applications need to join different groups

4. Stand-alone environment testing samba service:

4-1 smbclient / / IP/ shared directory-U account # enter password to enter the directory

4-2 smb > dir → list # read files and folders

4-3 testparm to test whether the smb load is normal

4-4 service smb status # check the running status of smbd service

5. Set the smb service to boot and run: chkconfig-level 345 smb on

Samba Services windows platform inaccessible workaround:

1. Turn off Selinux security mechanism

# vi / etc/selinux/config modify SELINUX=disabled # turn off security detection

two。 Firewall add rules open port 137.138.139.445

# vi / etc/sysconfig/iptables

Add the following rules

-A RH-Firewall-1-INPUT-m state-- state NEW-m udp-p udp-- dport 137-j ACCEPT

-A RH-Firewall-1-INPUT-m state-- state NEW-m udp-p udp-- dport 138j ACCEPT

-A RH-Firewall-1-INPUT-m state-- state NEW-m tcp-p tcp-- dport 139-j ACCEPT

-A RH-Firewall-1-INPUT-m state-- state NEW-m tcp-p tcp-- dport 445-j ACCEPT

-A RH-Firewall-1-INPUT-m state-- state NEW-m tcp-p tcp-- dport 80-j ACCEPT

One point is explained:

Earlier versions of samba3.x default to use the tdb library, that is, smb.conf defaults to passdb backend = tdbsam, and simply release the line and add smbpasswd file = / etec/samba/smbpasswd to store the encryption key using smbpasswd. Starting from samba3.5.6, samba standardizes the use of the passdb backend parameter and cancels the smbpasswd file setting. If the passdb backend parameter is simply commented out, the key file will not be stored in smbpasswd. So many people say how to modify the configuration of smb.conf, the smbpasswd file can not be generated, even if created manually, the content is also 0 bytes. To use traditional text-side storage, just set passdb backend = smbpasswd:/etc/samba/smbpasswd (followed by an absolute path), instead of writing smbpasswd file = / etc/samba/smbpasswd, this parameter is no longer applicable to the new version of samba.

Problems encountered in the installation of Apache:Httpd services and solutions:

1. Chinese garbled resolution:

Put the configuration file / etc/httpd/conf/httpd.conf of httpd into:

1-1 AddDefaultCharset UTF-8 changed to AddDefaultCharset zh_CN.UTF-8

Or change the value of AddDefaultCharset to GB2312

1-2 Firewall Port Open add Rule: Port 80 Open

Solutions to problems encountered in Web-changepassword client installation:

1-1 may encounter the following error collect2:ld returned 1 exit status make:*** [changepassword.cgi] Error 1 during installation

This is due to the lack of a dependency package, which is in the changepassword-0.9.tar.gz directory package. After decompression, there is a smbencrypt directory in the directory. Enter the directory, and there is a

Libdes-4.0.tar.gz text, which is a dependent package of changerpassword, unzipped

After tar-zxvf libdes-4.0.tar.gz is decompressed, there is a des directory, and enter the back make.

Cp libdes.a.. / system prompt: cp: do you want to overwrite.. / libdes.a?

Enter confirms overwriting and returns it to the changepassword directory

1-2 compile changepassword source code package custom path, etc.:

. / configure-enable-cgidir=/var/www/cgi-bin-enable-language=Chinese

-enable-smbpasswd=/etc/samba/smbpasswd-disable-squidpasswd

-- enable-logo=samba.jpg

Note: logo images will not take effect until they are placed in the / var/www/html directory. Html is the default directory for cgi-bin.

Note:

-- enable-cgidir=/var/www/cig-bin: specify the cig-bin path under httpd

-- enable-language=Chinese: set the language to Chinese

-- enable-smbpasswd=/etc/samba/smbpasswd: specify the smbpasswd path

-- disable-squidpasswd: turn off squid password (changepassword supports password change for squid authenticated users)

Samba user system password modification is synchronized with system account password: important modification of the following files and configuration parameters

1. Modify samba/smb.conf configuration

Security = user

Passdb backend = smbpasswd:/etc/samba/smbpasswd pam password change = no

Passwd chat = * * NEW*UNIX*password*% n\ n * Retype*new*UNIX*password*% n\ n

* successfully*

Passwd program = LANG=en_US / usr/bin/passwd% u unix password sync = yes

two。 A module dedicated to managing passwords using pam:

The pam_smbpass.so location is located at:

X86: / lib/security/pam_smbpass.so # 32-bit system x64: / lib64/security/pam_smbpass.so

# 64-bit system and then we just need to add this module to the password authentication mechanism: vim / etc/pam.d/system-auth

Edit the pam file system-auth

Modify the password section inside and insert a new password line (here is my system-auth configuration, notice that I added a line

About the content of pam_smbpass.so):

Auth required pam_env.so

Auth sufficient pam_unix.so nullok try_first_pass auth requisite

Pam_succeed_if.so uid > = 500quiet auth required pam_deny.so

Account required pam_unix.so

Account sufficient pam_succeed_if.so uid < 500 quiet account required

Pam_permit.so

Password requisite pam_cracklib.so try_first_pass retry=3

Password required / lib64/security/pam_smbpass.so nullok use_authtok try_first_pass

Password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password

Required pam_deny.so

Session optional pam_keyinit.so revoke session required

Pam_limits.so

Session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

Session required pam_unix.so

Group environment problem: when changing a user's password through changepassword on the browser, the correct input also indicates that the old password is wrong.

Reason: if 1-1 changepassword changes the password, it must be synchronized with the password in / etc/passwd. If you only set the samba password, but not the system password, the program cannot change the user's password.

Must have a system password, and the system password must be the same as the samba password

1-2 create a samba user who cannot log in to the system, so he forgot to set the system password for the user

Solution: the passwd command creates and modifies the same password of the samba system user as the samba service user.

Changepassword on the browser can change the password successfully

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.