
Linux system services: setting up Samba

2025-01-17 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

Basic concept

Samba provides sharing of files, printers and other resources between different computers on a local area network. SMB is a client/server (C/S) protocol.

1.1. Related protocols

Linux -- NFS (Network File System): network file system

Windows -- NetBIOS: hostname resolution protocol

Linux -> Windows -- CIFS (Common Internet File System): general network file system

1.2. Characteristics

Works on a local area network and across operating system platforms; file contents can be modified online

Samba is the software; SMB is the file sharing protocol

1.3. Functions

1. Share network documents and printers

2. Cross-platform access authentication, permission setting, and support for SSL certificate encryption

3. Resolve NetBIOS names: Samba can act as an NBNS (NetBIOS Name Server) through the nmbd service, resolving computer names to IP addresses so that hosts can locate each other

1.4. Ports

SMB -- TCP 139, 445

NMB -- UDP 137, 138

1.5. Configuration files

Main configuration file -- /etc/samba/smb.conf

User name alias file -- /etc/samba/smbusers (used to hide the user's real name)

1.6. User security level

In the [global] section of the configuration file, security = "**", where the value is one of:

share -- anonymous login

user -- both local users (a share password must be configured) and anonymous users can log in

server -- a dedicated server is used for authentication

domain -- login is authenticated by a domain controller

1.7. Global setting parameters

[global]

workgroup = MYGROUP # workgroup name

username map = /etc/samba/smbusers # enable user name aliases

server string = Samba Server Version %v # server description, usually version information

log file = /var/log/samba/log.%m # log file path and name

max log size = 50 # when the log file exceeds 50 KB, it is rotated

security = user # user login security level: share, user, server, domain

passdb backend = tdbsam # type of the Samba account database. Default is tdbsam.

load printers = yes # automatically load printers

cups options = raw # printer operating mode

netbios name = # NetBIOS name of the host

hosts allow = 127.00. 192.168.100. # network segments, IP addresses and domain names allowed to access the shares

realm = ** # specify the Active Directory realm

1.8. Share section settings

[homes] # share name (any name can be used)

comment = Home Directories # description of the share "homes"

browseable = no # whether the share is visible in the Windows Network Neighborhood; here it is not visible

path = /var/spool/samba # directory of the shared folder

writable = yes # grants write access, the opposite of read only

public = yes # allow sharing

guest ok = yes # allow anonymous access

valid users = abc, @xyz, +qwe # allow only the listed users or groups to log in

Note: the above parameter takes effect only if the shared directory has 777 permissions.

create mask = 66 # default permissions for uploaded files

directory mask = 777 # default permissions for uploaded directories

read only = yes # enable read-only mode (set in the configuration file); this is the system default

valid users = user1, user2 # users who can access the share

write list = user1 # (set in the configuration file) list of users with write permission

The last three items are often combined as a whitelist, together with changing the permissions on the directory.

User login

2.1. Log in as an anonymous user

Set up a shared folder and log in directly without a user name

Steps:

Step 1: configure the local yum source and install the samba package

yum -y install samba

Step 2: configure the shares in /etc/samba/smb.conf

Change the security level to "security = share"

Step 3: start the smb service

service smb start

Step 4: verify the login on the client side

View the list of shares: smbclient -L IP

Log in to a share on the server: smbclient //IP/share_name (the name written in [] above)

2.2. Log in with a valid user

Valid users log in the same way as the anonymous users above, except that the security level is changed to "security = user"; at this point, both anonymous and valid users can log in

2.3. View the shared files of the system

As an anonymous user: smbclient -L IP

As a specified user: smbclient -U user1 -L IP

Convert an existing local system user into a Samba user (on the server side):

pdbedit -a bcl

List the existing Samba users: pdbedit -L

Create local users zhangsan and lisi; zhangsan can write, lisi is read-only, and the directory is not visible

First grant rw permission on the shared directory

Then modify the configuration file

Using samba to implement the company's file server

Requirements:

1. Create two departments, HR and IT, each with two people (hr01, hr02, it01 and it02), and set their file sharing passwords

2. Documents within a department can only be viewed by its own staff, not by other departments.

3. Users can view each other's files but cannot modify other people's files

4. The documents of the HR department can only be viewed remotely from the computer 192.168.115.200 in the leader's office.

5. Only the administrator it01 has write permission on the files of the IT department, and only employees on the other two department network segments, 192.168.115 and 192.168.100, may view them.

6. A file can only be modified by whoever created it.

7. There is also a folder that publishes the payroll of employees.

The steps of the experiment:

Step 1: create the groups HR and IT, create the members hr01, hr02, it01 and it02 in their respective groups, and set their share passwords

View the owner, group and supplementary groups of the members that were added

Step 2: create the department directories and set permissions so that only members of a department can use the files in their own department's directory.

Create the department shared folders:

/home/HR: change the group to HR and set permission 1770, i.e. the owner and the group have all permissions, plus the sticky bit (SBIT), so that whoever creates a file is responsible for it

/home/IT: change the group to IT and set permission 1770

Company-wide payroll folder: /home/public

Step 3: edit the configuration file and open the permissions to the corresponding departments.

1. To make the experimental results visible, the following configuration sets some permissions separately.

2. Configure the directory paths of the three shared folders and enable sharing.

3. Restrict which departments' staff can view each share.

4. Test and verify

User-based access control

Testing and verification on Windows

Test whether user hr02 can not only view but also modify user hr01's files

Host-based access control

Step 4: verification

The /public share can be viewed by anyone

No one can log in to the HR directory from a computer other than 192.168.115.200. The .200 host is the Windows machine, which was verified above.

The IT directory can only be logged in to from computers on the network segments 192.168.115.0 and 192.168.100.0
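
The configuration file for the third step does not survive on this page, so the following is an added example (not the original author's configuration) of share sections that would meet the requirements, with two helper functions for reading a parameter back and for spotting a share that lets guests write. Users, paths and addresses come from the article; the share names, the mask values, "map to guest" and the helper names share_get and lint_shares are assumptions.

```shell
# Constructed config: users, paths and IPs are the article's; share names and masks are assumptions.
sample_conf() {
cat <<'EOF'
[global]
    security = user
    map to guest = Bad User
[HR]
    path = /home/HR
    valid users = @HR
    writable = yes
    create mask = 0640
    directory mask = 0750
    hosts allow = 192.168.115.200
[IT]
    path = /home/IT
    valid users = @IT
    read only = yes
    write list = it01
    hosts allow = 192.168.115. 192.168.100.
[public]
    path = /home/public
    read only = yes
    guest ok = yes
EOF
}
# share_get FILE SHARE KEY: print the value of KEY inside [SHARE] (key match ignores case).
share_get() {
    awk -v want="$2" -v key="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^\[.*\]$/ { cur = substr($0, 2, length($0) - 2); next }
        /^[#;]/ || !index($0, "=") { next }
        cur == want {
            k = substr($0, 1, index($0, "=") - 1); sub(/[ \t]+$/, "", k)
            v = substr($0, index($0, "=") + 1);    sub(/^[ \t]+/, "", v)
            if (tolower(k) == tolower(key)) print v
        }' "$1"
}
# lint_shares FILE: report every non-global share that combines guest access with write access.
lint_shares() {
    awk '/^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); if ($0 != "global") print }' "$1" |
    while read -r s; do
        g=$(share_get "$1" "$s" "guest ok"); w=$(share_get "$1" "$s" writable)
        r=$(share_get "$1" "$s" "read only")
        if [ "$g" = yes ] && { [ "$w" = yes ] || [ "$r" = no ]; }; then
            echo "$s: guest access with write permission"
        fi
    done
}
conf=$(mktemp) && sample_conf > "$conf"
lint_shares "$conf"   # no output: [public] allows guests but is read-only
```

Run against the share from section 1.8 (guest ok = yes together with writable = yes), lint_shares reports that share; the check only understands the literal values "yes" and "no" and the "writable" spelling.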

Disk mapping

Clear cached connections on the Windows side

net use * /del

View cached connections on Windows

net use

Disk mapping

Linux side

First check the shared directories: smbclient -U bcl -L 192.168.115.193

Temporary mount:

mount -t cifs -o username=***,password=*** //server IP/shared directory /mnt

A permanent mount needs to be written to /etc/fstab

Windows side

My Computer -> (right-click) Map network drive -> //shared server IP/shared folder

On Windows, any shared folder on the network can be mapped in this way
