Shulou(Shulou.com)06/02 Report--

Samba (Service message Block)

SMB protocol

Server Message Block, service message block

CIFS protocol

Common Internet File System, Universal Internet File system

Samba project

Http://www.samba.org

Function:

Sharing files and printer services

It can provide authentication when users log in to the SAMBA host.

Can do hostname resolution (NetBIOS name) on Windows network

The main program of Samba server

Smbd: provides shared access to files and print resources in the server 139 445

Nmbd: provides resolution based on NetBIOS host names 137 138

Service script for Samba

/ etc/init.d/smb

Configuration directory and files of Samba

/ etc/samba/

/ etc/samba/smb.conf

Profile check tool: testparm

Common configuration items:

Workgroup= working Group

Security = authentication method

Share Anonymous

User local SAMBA user

Server is authenticated by other servers

Domain is authenticated by the domain controller (PDC)

Comment = description information

Path = path to the share

Guest ok = allow all access, equivalent to public

Public = yes function is equivalent to guest

Read only = everyone read-only

Writable = everyone can write

Write list = list of users with write permission

Browseable = whether to browse visible or not

Username map = / etc/samba/smbusers

Valid users = users allowed to access the shared resource (user, user, @ user group)

Invalid users = users who are prohibited from accessing the shared resource

Hosts allow = the IP segment to which access is allowed

Hosts allow = 192.168.115.0 EXCEPT 192.168.115.114

Allow all hosts on the 192.168.115.0 network segment to access, except for 114

Samba add user command:

Smbpasswd:

-a: add a smb account

-d: disable a Samba account instead of deleting it

-x: delete the account from the sabpasswd file

-e: restore a Samba account

-n: set the password of the account to empty

For example:

Groupadd sdcet

Useradd-G sdcet lcg

Pdbedit-a-u lcg / smbpasswd-a lcg

Pdbedit:

-L: view account information

-a |-x-u account: add / delete account

Smbclient:

-L: lists all resources shared on the remote server

-N: forbids smbclient to prompt for user name and password

-I: specify the IP address of the computer to be accessed

-U: specify the user name to use when accessing the remote server

Experimental environment: two virtual machines (same network segment), one as server, one client, server (build Samba server), client install samba client tools (smbclient)

No validation sharing Lab:

Server side:

Install the software:

Modify the configuration file:

Client authentication:

View sharing:

Smbclient-L / / 192.168.115.178

Anonymous login:

Smbclient / / 192.168.115.178/share

Test upload and download

User authentication login lab:

Modify the matching file on the server side:

To create a Samba user:

Client authentication:

Smbclient / / 192.168.115.178/auth-U cwy

Note:

When the configuration file modifies security = user in the global configuration global

At this point, add to the local directory sharing configuration file:

Anonymous users can also log in when public = yes

When public = no, you need to use Samba specific user login to use

When the configuration file modifies security = share in the global configuration global

At this point, add to the local directory sharing configuration file:

Anonymous access when public = yes

The directory is not deleted when public = no (access is invalid)

Access (permission) restriction Lab:

Modify the configuration file:

Client authentication:

Since the IP address of the client is 192.168.115.179, the configuration file is modified to allow the client of the 192.168.115.0 network segment to access, but not the 179 client:

Client authentication:

At this point, 179 clients cannot log in:

However, other computers on the same network segment can access it normally:

Mount the Samba server shared directory to the client for local use:

Supported file system types (cifs-utils) need to be installed

Permanent mount on:

Modify the / etc/fstab file:

Alias test:

Profile modification:

Graphical permission setting management:

Install the package:

Modify / etc/xinetd.d/swat

Start the service: service xinetd start

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.