Detailed explanation of the steps of installing and configuring Samba server in Linux system

Time:2020-9-24

1、 Get the source code package and decompress it
The latest Samba source code package can be downloaded from Samba’s official website. Let’s use samba-3.5.9 tar.gz The source code package is analyzed as a case. In this case, we put the source code package in the directory / home / samba, and then execute the following command to decompress it.

Copy code

The code is as follows:

# tar –xzvf samba-3.5.9.tar.gz

2、 Configure
After decompressing the source code package, enter the directory

Copy code

The code is as follows:

# cd /home/samba/samba-3.5.9/source3

Then execute the following command to configure.

Copy code

The code is as follows:

# ./configure

You may not have a configure file in the directory at the beginning. You can execute the following command first

Copy code

The code is as follows:

# ./autogen-sh

At this time, the system is required to install Autoconf, automake and other tools.

Before running the above configuration command, we can use the

Copy code

The code is as follows:

# ./configure –-help

To view some of the options for the configuration command.

3、 Build and install make & make install
After the environment configuration command. / configure is executed successfully, you can run the command

Copy code

The code is as follows:

# make

To generate a binary executable, which can take two to three minutes. After the executable file is successfully generated, you can use the following command

Copy code

The code is as follows:

#make install

To install. The default installation path of the system is /usr/local/samba

4、 Configure dynamic link library path
After the installation, we need to configure the dynamic link library path, because running Samba for smbd and nmbd needs to go to the DLL file under the directory / usr / local / Samba / lib. However, this directory is not the default dynamic link library file search path, so we need to add the directory to the file ld.so.conf Medium. Execute the following command

Copy code

The code is as follows:

# vi /etc/ld.so.conf

open ld.so.conf File and add the following line to the file.

Copy code

The code is as follows:

/usr/local/samba/lib

Then execute the command

Copy code

The code is as follows:

# ldconfig

To update the DLL buffer.

5、 Samba profile smb.conf
Samba needs to use the configuration file in the running process smb.conf 。 smb.conf Configuration file is the most important configuration file of samba. It defines the security mechanism of samba, the directory and parameters of file sharing and print sharing, as well as some other system configuration functions.

configuration file smb.conf The default path for is /usr/local/samba/lib/ smb.conf , we can execute specific through the -s option when running the smbd process smb.conf File (see the next section for details), generally, the -s option is not recommended because its configuration tools, such as smbclient, testarm, etc., are read by default /usr/local/samba/lib/ smb.conf Documents. Let’s explain it in a simple configuration file, which is /etc/samba/ smb.conf 。

Copy code

The code is as follows:

[global]
workgroup = MYGROUP
server string = Samba Server %v
security = user
log file = /var/log/samba/%m.log
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
[root]
path = /
valid users = root
writeable = yes
[public]
path = /data
guest ok = yes
read only = yes

The above configuration file defines two file sharing services, root and public. We will not discuss the details of the above configuration file. The main point here is: before Samba version 3.0.23, the default backend for user password authentication is smbpasswd, and after version 3.0.23, the default backend is tdbsam. We can use the parameter passdb backend to select a specific backend. When using smbpasswd, the password file read by default is / usr / local / Samba / private / smbpasswd. We can specify a specific password file through SMB passwd file.

After configuration smb.conf After the file, we can run the testparm (directory / usr / local / Samba / LIB) command to smb.conf File syntax check, it will detect which parameter names are not recognized and other issues.

6、 Start Samba
Samba has two main processes, smbd and nmbd. Smbd process provides file and print services, while nmbd provides NetBIOS name service and browse support, which helps SMB clients locate servers and process all UDP based protocols.

to configure smb.conf File, before starting the service process to run samba. We need to do some preparatory work first. Run the smbpasswd command (in the directory / usr / local / Samba / bin)

Copy code

The code is as follows:

# ./smbpasswd –a root

towards smb.conf Add the root user and password information to the / etc / Samba / smbpasswd file specified in the file. For details of smbpasswd file, please refer to relevant documents.

Then run the command

Copy code

The code is as follows:

# service iptables stop

Turn off the firewall because the firewall may prevent users from accessing the machine. Here are the service processes smbd and nmbd running samba

Copy code

The code is as follows:

# /usr/local/samba/sbin/smbd –D –s /etc/samba/smb.conf
# /usr/local/samba/sbin/nmbd –D –s /etc/samba/smb.conf

The – D option above specifies that smbd and nmbd are started as daemons, and the specific configuration file / etc / Samba is specified by the – s option/ smb.conf 。 The advantage of starting smbd and nmbd in the way of daemons is that the response speed is fast, but you can only kill it if you want to close it. Of course, we can perform these operations through scripts, so we don’t provide scripts here.

7、 Smbclient was tested
After starting samba, we can use smbclient (directory / usr / local / Samba / bin) to test it locally. Here’s the order

Copy code

The code is as follows:

# cd /usr/local/samba/bin
# ./smbclient –L //127.0.0.1

You can list the services provided by this Samba server. The running results of this example are as follows:

Copy code

The code is as follows:

[[email protected] bin]# ./smbclient –L //127.0.0.1
Enter root’s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.9]</p>
<p> Sharename Type Comment
——— ——- ——-
IPC$ IPC IPC Service (Samba Server 3.5.9)
public Disk
root Disk</p>
<p>Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.9] </p>
<p> Server Comment
———– ——-
LOCALHOST Samba Server 3.5.9

Workgroup Master
———— ——-
MYGROUP LOCALHOST

Of course, you can also access the services provided by Samba server through smbclient. The command format is as follows:

Copy code

The code is as follows:

# ./smbclient “//serverAdderss/aservice” –U username

Where serveraddress is the IP address of the samba server to be accessed, aservice specifies a service name provided on the samba server, and the option – U username specifies the user name to access the samba server. for example

Copy code

The code is as follows:

[[email protected] bin]# ./smbclient “//127.0.0.1/root” –U root
Enter root’s password:; ා enter the password of samba user root here
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.9]
SMB: \ >; ා access successful, enter the relevant command to operate

The above SMB: \ > indicates that the access is successful. At this time, we can enter some commands to operate on the samba server, such as LS, MKDIR, etc. The Q or quit command executes the exit and disconnects.

8、 Accessing Samba server on Windows client
In Windows client, you can access the root service provided on Samba server 192.168.1.34 by entering \ \ 192.168.1.34 \ \ root in [start] – run].

9、 Key options description
Global options:

Global options are used in the < section > option definition of [global] to describe some basic attributes of samba server. Some of its options can be overridden by the option definitions in other < section >.

 

workgroup = MYGROUP

Define the workgroup or domain where the samba server is located (if security = domain is set).

 

server string = Samba server

Set the description of samba server, which can be viewed in the notes when accessing through network neighbors.

 

hosts allow = host (subnet)

Set the host IP or network allowed to access the samba server. The value of this option is list type. Different items are separated by spaces or commas. For example, hosts allow = 192.168.3.0, 192.168.1.1. This option allows all hosts in 192.168.1.1 and 192.168.3.0/24 to access the samba server.

 

hosts deny = host (subnet)

Set the host IP or network that is not allowed to access the samba server in the same format as hosts allow.

 

guest account = guest

The samba server will set up the client to access the shared service with guest OK = yes when the tourist’s account is set.

 

log file = MYLOGFILE

Set the location of the record file.

 

max log size = size

Set the size of the log file in KB. If set to 0, it means no size limit.

 

security =

Set the security level of samba server, which has four security levels: share, user, server and domain, and the default is user. For more information on these four security levels, please check the documentation.

 

password server = ServerIP

Set the user account authentication server IP, which is valid when setting security = server.

 

encrypt passwords = yes | no

Set whether to encrypt the password. If the password is not encrypted, the client and the server pass the plaintext password during the authentication session. However, some windows systems do not support plaintext password transmission by default.

 

passdb backend = smbpasswd | tdbsam | ldapsam

Set the back end of samba server to access and store Samba user account, which is in samba-3.0. The default value before 23 is smbpasswd, and the default value after 23 is tdbsam.

 

smb passwd file =

Set the user account file of samba. Before samba-3.0.23, the default value is / user / local / Samba / private / smbpasswd; after samba-3.0.23, the default value is / usr / local / Samba / private/ passwd.tdb 。

 

include = smbconfFile

The include option allows you to include other profiles, which, along with some Samba defined variables, can set configurations related to different machines.

 

local master = yes | no

Set whether the samba server attempts to become the local master browser. The default value is yes. If it is set to no, the samba server will never become the local master browser. If it is set to yes, it does not mean that it can become the local master browser, but only allows it to participate in the election of the local master browser.

 

os level = N

N is an integer, and the weight of samba server when participating in the local main browser election is set. The larger the value, the greater the weight. When OS level = 0, the server will lose the opportunity to vote.

 

domain master = yes | no

Set Samba server as domain browser. The domain browser obtains the browse list from each local master browser and transmits the browse list of the whole domain to each local master browser.

 

preferred master = yes | no

Set whether the samba server is the primary primary browser in the workgroup. If set to yes, a browse selection will be enforced when nmbd starts.

Local options:

The local option is the parameter in each <section> except global. It defines the properties of the shared service.

comment =

Set the description of the shared service.

 

path =

Set the path of the shared service, which can be set in combination with samba predefined variables.

 

hosts allow = host(subnet)

hosts deny = host(subnet)

It has the same meaning as the global hosts allow and hosts deny, which will override the global settings.

 

read only = yes | no

Set whether the shared service is read-only. This option has a synonymous option writeable.

 

user = user(@group)

Set all users who may use the shared service. You can use @ group to set all user accounts in the group. The value of this option is a list, separated by spaces or commas. When security = share is set, the password provided by the client to access a shared service will be authenticated one by one with all users specified in this option. If a user passes the authentication, the shared service access will be conducted with the user’s authority. Otherwise, the client’s access will be denied (setting security = share does not allow tourists to access, only guest OK)= Yes is to allow visitors to visit, please remember.

 

valid users = user(@group)

Set the users and groups that can use the shared service in the same format as the user option.

 

invalid users = user(@group)

Set the users and groups that cannot use the shared service, and the value is the same as the user option.

 

read list = user(@group)

Set the users and groups that have only read permission to the shared service, and the format of the value is the same as the user option.

 

write list = user(@group)

Set the users and groups with read and write permission to the shared service, and the value is the same as the user option.

 

admin list = user(@group)

Set the users and groups with administrative rights to the shared service, whose value is the same as the user option.

 

public = yes | no

Set whether the shared service can be accessed by tourists. The synonym option is guest OK.

 

create mode = mode

Mode is an octal value, such as 0755, and its default value is 0744. The value specified by this option is used to filter the access rights of new files. The default permissions of new files will be bitwise and operated with the value specified by create mode, and then the results will be bitwise or operated with the value specified by force create mode, and the result will be the access rights of new files.

 

force create mode = mode

Mode is octal value, the default is 0000. Its function refers to the option create mode.

 

directory mode = mode

Mode is octal value, the default value is 0755. The value specified by this option is used to filter the access rights of the new directory. The default permission of the new directory will be bitwise and operated with the value specified by directory mode, and the result will be bitwise or operated with the value specified by force directory mode, and the result will be the access right of the new directory.

 

force directory mode = mode

Mode is octal value, the default is 0000. The function of this option refers to the option directory mode.

 

force user = user

Force the property onwer of the new file to be set. If there is a directory that allows guest to be written, then guest can be deleted. However, if force user is set as other users and create mode = 0755, the users of gues cannot delete the new files.

 

The above is just a brief introduction to some important options, and there is no discussion about the options for [printers]. Please refer to man for more options smb.conf Check.