Installation and configuration of samba server under CentOS 6.3

Time:2020-11-28

1、 Introduction

Samba is software that lets a Linux system speak Microsoft's network communication protocol. SMB stands for Server Message Block and is mainly used as Microsoft's network communication protocol. Samba brought the SMB protocol to Linux, which produced the Samba software we have today. Microsoft later renamed SMB to CIFS (Common Internet File System) and added many new functions, which made Samba more powerful as well.

Samba's main use is direct file and print sharing between Linux and Windows systems. It can be used for file sharing between Windows and Linux as well as for resource sharing between Linux and Linux. Because NFS (Network File System) already handles data sharing between Linux systems well, Samba is used mostly for data sharing between Linux and Windows.

SMB is a client/server protocol, so a Samba server can act both as a file sharing server and as a Samba client. For example, once a Samba server has been set up under Linux, a Windows client can use the resource files on the Samba server through the SMB protocol. At the same time, the Samba server can also access the network files shared by other Windows or Linux systems.
Samba uses the NetBIOS protocol under Windows. If you want to use files shared under Linux, confirm that the NetBIOS protocol is installed on your Windows system.

Samba runs two services, SMB and NMB. SMB is Samba's core service: it establishes the dialogue between the Linux Samba server and Samba clients, verifies user identity, and provides access to the file and printing systems. File sharing works only when the SMB service is running, and it listens on port 139. The NMB service is responsible for name resolution, similar to what DNS does: NMB maps the workgroup name shared by the Linux system to its IP address. If the NMB service is not started, shared files can be accessed only by IP address. NMB listens on UDP ports 137 and 138.

For example, if the IP address of a Samba server is 10.0.0.163 and the corresponding workgroup name is davidsamba, the shared files can be accessed by entering either of the following two addresses in the IE browser on Windows. In fact, this is how the files of a Samba server running under Linux are viewed.
\\10.0.0.163\shared directory name
\\davidsamba\shared directory name

A Samba server can provide the following functions: WINS and DNS services; network browsing services; authentication and authorization between Linux and Windows domains; Unicode character set and domain name mapping; UNIX sharing that conforms to the CIFS protocol, and so on.

2、 System environment

System platform: CentOS release 6.3 (final)

Samba version: samba-3.5.10-125.el6.x86_64

Samba Server IP:10.0.0.163

Firewall is down / iptables: firewall is not running

SELINUX=disabled

3、 Install Samba service

1. Use the yum tool to install on the machine that can be connected to the network. If the network is not connected, mount the system CD for installation.

# yum install samba samba-client samba-swat

samba-common, samba-winbind-clients and libsmbclient will be installed automatically.

2. View installation status

3. Installation package instructions

samba-common-3.5.10-125.el6.x86_64 // mainly provides the Samba server's settings file and the syntax checker testparm
samba-client-3.5.10-125.el6.x86_64 // client software; mainly provides the tools needed when a Linux host acts as the client
samba-swat-3.5.10-125.el6.x86_64 // web configuration interface for the Samba server, based on the HTTPS protocol
samba-3.5.10-125.el6.x86_64 // server-side software; mainly provides the Samba server daemons, shared documents, log rotation, and boot default options

After the Samba server is installed, the configuration directory /etc/samba and a number of Samba command-line tools are created. /etc/samba/smb.conf is Samba's core configuration file, and /etc/init.d/smb is Samba's start/stop script.

4. Start the samba server

You can start, stop, and restart the Samba service with /etc/init.d/smb start/stop/restart. Start the SMB service as follows:

5. Check the service startup of samba

# service smb status

6. Set boot up

# chkconfig --level 35 smb on    // automatically run the Samba service at run levels 3 and 5

4、 Configure Samba service

The main configuration file for Samba is /etc/samba/smb.conf

The main configuration file consists of two parts

Global settings (lines 55-245)
This setting is related to the overall running environment of samba service, and its setting items are for all shared resources.

Share definitions (246 – last line)
This setting is specific to the individual settings of the shared directory and only works on the current shared resources.

Global parameters:

#==================Global Settings ===================
[global]

config file = /usr/local/samba/lib/smb.conf.%m
Note: config file lets you use another configuration file to override the default one. If the file does not exist, the entry is ignored. This parameter makes the Samba configuration more flexible: one Samba server can simulate multiple servers with different configurations. For example, if you want PC1 (host name) to use its own configuration file when accessing the Samba server, create smb.conf.pc1 for PC1 under /etc/samba/host/ and add config file = /etc/samba/host/smb.conf.%m to smb.conf. When PC1 requests a connection to the Samba server, smb.conf.%m is replaced by smb.conf.pc1. For PC1 the Samba service is then configured by smb.conf.pc1, while other machines accessing the Samba server still use smb.conf.

workgroup = WORKGROUP
Note: set the working group or domain that Samba server will join.

server string = Samba Server Version %v
Note: the description string of the Samba server; it can be any string and may be specified or omitted. The macro %v shows the Samba version number.

netbios name = smbserver
Note: set the NetBIOS name of the Samba server. If it is not set, the first part of the server's DNS name is used by default. Do not set the NetBIOS name and the workgroup name to the same value.

interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
Note: set which network cards Samba server monitors. You can write the name of the network card or the IP address of the network card.

hosts allow = 127. 192.168.1. 192.168.10.1
Description: lists the clients that are allowed to connect to the Samba server. Multiple values are separated by spaces; each can be a single IP or a network segment. hosts deny is the opposite of hosts allow.
For example: hosts allow = 172.17.2. EXCEPT 172.17.2.50
Indicates that host connections from 172.17.2.* are allowed, but 172.17.2.50 is excluded
hosts allow = 172.17.2.0/255.255.0.0
Indicates that all host connections from the 172.17.2.0/255.255.0.0 subnet are allowed
hosts allow = M1,M2
Indicates that the two computers M1 and M2 are allowed to connect
hosts allow = @pega
Indicates that all computers from the PEGA domain are allowed to connect

max connections = 0
Note: Max connections is used to specify the maximum number of connections to Samba server. If the number of connections is exceeded, new connection requests will be rejected. 0 means unlimited.

deadtime = 0
Description: deadtime is used to set the time to disconnect a connection without opening any files. The unit is minutes. 0 means that Samba server does not automatically disconnect any connections.

time server = yes/no
Note: time server sets nmbd to act as the time server for Windows clients.

log file = /var/log/samba/log.%m
Description: set the storage location and file name of the Samba server log. Adding the macro %m (host name) to the file name means that a separate log file is kept for each machine that accesses the Samba server. If PC1 and PC2 have accessed the Samba server, two log files, log.pc1 and log.pc2, are left in the /var/log/samba directory.

max log size = 50
Note: set the maximum capacity of samba server log file, the unit is KB, 0 means unlimited.

security = user
Note: set the authentication mode for user access to the Samba server. There are four authentication modes in total.
1. Share: users do not need to provide a user name and password to access the Samba server, so security is low.
2. User: Samba server shared directory can only be accessed by authorized users, and Samba server is responsible for checking the correctness of account and password. The account and password should be established in this Samba server.
3. Server: rely on other Windows NT / 2000 or Samba server to verify the user’s account and password, which is a kind of proxy authentication. In this security mode, the system administrator can centralize all windows users and passwords on one NT system, and use Windows NT for Samba authentication. The remote server can automatically authenticate all users and passwords. If authentication fails, samba will use user level security mode as an alternative.
4. Domain: domain security level, using primary domain controller (PDC) to complete authentication.

passdb backend = tdbsam
Note: passdb backend is the user account backend. At present there are three backends: smbpasswd, tdbsam and ldapsam. SAM should be short for Security Account Manager.
1. smbpasswd: this backend uses Samba's own tool smbpasswd to set a Samba password for system users (real or virtual users), and clients use this password to access Samba resources. The smbpasswd file is in the /etc/samba directory by default, but sometimes it needs to be created manually.
2. tdbsam: this backend uses a database file to hold the user database. The database file is called passdb.tdb and is in the /etc/samba directory by default. Users can be added to the passdb.tdb database with smbpasswd -a. We can also use the pdbedit command to set up Samba accounts. The pdbedit command has many parameters; here are a few major ones.
pdbedit -a username: create a new Samba account.
pdbedit -x username: delete a Samba account.
pdbedit -L: list Samba users, read from the passdb.tdb database file.
pdbedit -Lv: list the Samba users in detail.
pdbedit -c "[D]" -u username: suspend the Samba user's account.
pdbedit -c "[]" -u username: restore the Samba user's account.
3. ldapsam: this backend authenticates users through LDAP-based account management. First set up the LDAP service, then set "passdb backend = ldapsam:ldap://LDAP Server"

encrypt passwords = yes/no
Note: whether to encrypt the authentication password. Since Windows operating systems now use encrypted passwords, this option generally needs to be on. It is enabled by default in the configuration file.

smb passwd file = /etc/samba/smbpasswd
Description: the password file used to define the samba user. If there is no smbpasswd file, you need to create a new one manually.

username map = /etc/samba/smbusers
Note: defines the user name mapping, such as mapping root to administrator, admin, etc. The mapping must be defined in the smbusers file in advance. For example: root = administrator admin, so that you can log in to the Samba server as administrator or admin instead of root, which is closer to the habits of Windows users.

guest account = nobody
Description: used to set the guest user name.

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
Note: socket option is used to set the session between the server and the client, which can optimize the transmission speed.

domain master = yes/no
Note: set whether the samba server should be the domain master browser. The domain master browser can manage the browsing services across subdomains.

local master = yes/no
Note: the local master is used to specify whether Samba server attempts to become the master browser of the local domain. If set to no, it will never become the local domain master browser. However, even if it is set to yes, it does not mean that the samba server can become the main browser and needs to participate in the election.

preferred master = yes/no
Note: setting the samba server to force the election of master browser as soon as it is started can improve the chance of samba server becoming the master browser of local domain. If this parameter is specified as yes, it is better to specify domain master as yes. When using this parameter, it should be noted that if there are other machines (whether windows nt or other Samba servers) in the subnet where the samba server is located, they will broadcast on the network because of competing for the master browser, which will affect the network performance.
If there are multiple Samba servers in the same area, set the above three parameters on only one of them.

os level = 200
Note: set the OS level of the Samba server. This parameter determines whether the Samba server has a chance of becoming the master browser for the local domain. The OS level ranges from 0 to 255; the OS level of WinNT is 32, that of Win95/98 is 1, and that of Windows 2000 is 64. If set to 0, the Samba server will lose the browser election. If you want the Samba server to be a PDC, set its OS level higher.

domain logons = yes/no
Note: set whether Samba server is to be the local domain controller. Both the primary domain controller and the backup domain controller need to turn this on.

logon script = %u.bat
Note: when a user logs in from a Windows client, Samba provides a logon script. If it is set to %u.bat, a separate logon script must be provided for each user, which becomes troublesome when there are many users. It can instead be set to a specific file name, such as start.bat; then every user executes start.bat after login and there is no need to set up a logon script per user. This file should be placed in the directory set by the path of [netlogon].

wins support = yes/no
Note: set whether Samba server provides wins service.

wins server = WINS server IP address
Note: set whether the Samba server uses another WINS server to provide WINS services.

wins proxy = yes/no
Note: set whether Samba server enables the wins proxy service.

dns proxy = yes/no
Note: set whether Samba server can open DNS proxy service.

load printers = yes/no
Note: set whether printers are shared when Samba starts.

printcap name = cups
Description: set the profile of shared printer.

printing = cups
Description: set the type of samba shared printer. At present, the printing systems supported are BSD, SYSV, PLP, lprng, AIX, HPUX, QNX
 
Shared parameters:
#================== Share Definitions ==================
[share name]

comment = any string
Note: comment is the description of the share and can be any string.

path = shared directory path
Description: path specifies the path of the shared directory. Macros such as %u and %m can be used in the path to stand for the UNIX user name and the client's NetBIOS name. The macros are mainly used for the [homes] share. For example, if we do not plan to use the [homes] section as the users' share, but instead create a directory under /home/share/ for each Linux user, named after the user, as that user's shared directory, the path can be written as: path = /home/share/%u. When a user connects to this share, %u is replaced by the user name. Note that the directory for that user name must exist; otherwise the client will not find the network path. Similarly, if we divide directories not by user but by client, creating a path named after the NetBIOS name of each machine on the network that can access Samba as that machine's shared resource, we can write: path = /home/share/%m.

browseable = yes/no
Note: browseable is used to specify whether the share can be browsed.

writable = yes/no
Note: writable is used to specify whether the shared path is writable.

available = yes/no
Note: available is used to specify whether the shared resource is available.

admin users = administrators of the share
Note: admin users specifies the administrators of the share (with full control rights on the share). In Samba 3.0, this entry is invalid if the user authentication mode is set to "security = share".
For example: admin users = David, Sandy (multiple users are separated by commas).

valid users = users allowed to access the share
Note: valid users specifies the users who are allowed to access the shared resource.
For example: valid users = David, @David, @Tech (multiple users or groups are separated by commas; to name a group, use "@group name")

invalid users = users who are not allowed to access the share
Note: invalid users specifies the users who are not allowed to access the shared resource.
For example: invalid users = root, @Bob (multiple users or groups are separated by commas.)

write list = users allowed to write to the share
Note: write list specifies the users who can write files under the share.
For example: write list = David, @David

public = yes/no
Note: public is used to specify whether the share is allowed to be accessed by the guest account.

guest ok = yes/no
Note: the meaning is the same as “public”.
 
Several special shares:

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
; valid users = MYDOMAIN\%S
 
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
 
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
 
[Profiles]
path = /var/lib/samba/profiles
browseable = no
guest ok = yes

After Samba is installed, use the testparm command to test whether the smb.conf configuration is correct. Use the testparm -v command to list in detail the configuration parameters supported by smb.conf.

The default smb.conf has many options and is rather complicated. Here we explain the configuration options through cases. First back up your own smb.conf file, then create a new smb.conf.

# cp -p /etc/samba/smb.conf    /etc/samba/smb.conf.orig

Case 1: the company has a workgroup and needs to add a Samba server as a file server, publishing the shared directory /share under the share name public, which can be accessed by all employees.

a. Modify the main configuration file of samba as follows:

#======================= Global Settings =====================================

# This section relates to the overall running environment of the Samba service;
# its settings apply to all shared resources.
[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname

        # Define the workgroup (the Windows workgroup concept)
        workgroup = WORKGROUP
        # A brief description of the Samba server
        server string = David Samba Server Version %v
        # Define the computer name displayed in Windows
        netbios name = DavidSamba

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.

        # Log file for Samba users; %m stands for the client host name, so the
        # Samba server creates a separate log file per connecting host in this directory
        log file = /var/log/samba/log.%m

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)

        # Share level: users can access without an account and password
        security = share

#============================ Share Definitions ==============================

# This section holds the settings of one shared directory and affects only that share
[public]
        # Description of the shared directory; you can define the text yourself
        comment = Public Stuff
        # The directory to share. Required
        path = /share
        # Everyone can view it; equivalent to guest ok = yes
        public = yes

b. Establish shared directory

The shared directory is set to /share. The following needs to be created:

For anonymous users to be able to download or upload shared files, ownership of the /share directory should be given to nobody.

c. Restart SMB service

d. Test whether the smb.conf configuration is correct

e. Accessing shared files of samba server

Accessing shared files of samba server under Linux

Accessing shared files of samba server under Windows

Case 2: The company has many departments. Because of work needs, the information of the TS department is stored in the /ts directory of the Samba server for centralized management so that TS personnel can browse it, and only TS department employees are allowed to access the directory.

a. Add TS department group and user

How to add a user to the corresponding group at creation time: useradd -G group name user name

b. Create the /ts folder in the root directory

c. Add the two accounts you just created to Samba's accounts

d. Modify the main configuration file as follows:

#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname

        workgroup = WORKGROUP
        server string = David Samba Server Version %v
        netbios name = DavidSamba

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.

        log file = /var/log/samba/log.%m

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)

        # User level: the Samba server providing the service checks the account and password
        security = user

#============================ Share Definitions ==============================

# User home directories
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[public]
        comment = Public Stuff
        path = /share
        public = yes

# TS group directory. Only members of the ts group are allowed to access it
[TS]
        comment = TS
        path = /ts
        valid users = @ts

e. Reload configuration

f. Go to the Windows client to verify: visit \\10.0.0.163 and you will be prompted to enter a user name and password. Authenticate as sandy here, as shown in the following figure:

g. If the access is successful, you can see the public directory, the home directory of user sandy, and the TS directory that he has permission to access

h. Go to the TS directory and find the newyork.city file

Case 3: Let different users access the same shared directory with different permissions, which makes management and maintenance easy and basically meets the needs of some enterprise users. (Compiled from the network.)

a. Demand

1. There are five departments in a company: HR & Admin Dept, financial management dept, technical support dept, Project Dept and customer service dept.
2. Each department’s folder can only be accessed by the staff of the Department; the documents of communication nature between departments are put into the public folder.
3. Each department has an administrator account for managing its own department folder and an account with normal user rights that can only create and view files.
4. The public folder is divided into the tool folder and the shared file folder.
5. For each department's own folder, the department administrator has full control, while ordinary users of the department can create new files and folders under the department folder and have full control over the files and folders they created themselves. Files and folders created and uploaded by the administrator can only be accessed by them, not changed or deleted. Users who are not in the department cannot access the department folder.
6. For each department's shared folder inside the public folder, the department administrator has full control, while ordinary users of the department can create new files and folders under the department folder and have full control over the files and folders they created themselves. Files and folders created and uploaded by the administrator can only be accessed by them, not changed or deleted. Users of a department (including administrators and ordinary users) can only view the shared folders of other departments; they cannot modify, delete or create anything there. For the folder where the tools are stored, only the administrator has permission, and other users can only access it.

b. Planning

According to the company’s demand, the following planning is made:
1. Create a Company partition on the system containing the following folders: HR, FM, TS, PRO, CS and Share. Under Share there are the following folders: HR, FM, TS, PRO, CS and Tools.
2. The corresponding folder of each department is managed by each department, and the tools folder is maintained by the administrator.
3. HR administrator account: hradmin; ordinary user account: hruser.
FM administrator account: fmadmin; ordinary user account: fmuser.
TS administrator account: tsadmin; ordinary user account: tsuser.
Pro administrator account: proadmin; ordinary user account: prouser.
CS administrator account: csadmin; ordinary user account: csuser.
Tools administrator account: admin.

The relationship between folders is shown in the following figure:

c. New user

Use the useradd command to create a new system account, and then use smbpasswd -a to create an SMB account.

# useradd -s /sbin/nologin hradmin
# useradd -g hradmin -s /sbin/nologin hruser
# useradd -s /sbin/nologin fmadmin
# useradd -g fmadmin -s /sbin/nologin fmuser
# useradd -s /sbin/nologin tsadmin
# useradd -g tsadmin -s /sbin/nologin tsuser
# useradd -s /sbin/nologin proadmin
# useradd -g proadmin -s /sbin/nologin prouser
# useradd -s /sbin/nologin csadmin
# useradd -g csadmin -s /sbin/nologin csuser
# useradd -s /sbin/nologin admin

# smbpasswd -a hradmin
New SMB password:
Retype new SMB password:
Added user fmuser.
# smbpasswd -a hruser
# smbpasswd -a fmadmin
# smbpasswd -a fmuser
# smbpasswd -a tsadmin
# smbpasswd -a tsuser
# smbpasswd -a proadmin
# smbpasswd -a prouser
# smbpasswd -a csadmin
# smbpasswd -a csuser
# smbpasswd -a admin

d. New directory

e. Change directory properties

Run the following in the Company directory:

# chown hradmin.hradmin HR
# chown fmadmin.fmadmin FM
# chown tsadmin.tsadmin TS
# chown proadmin.proadmin PRO
# chown csadmin.csadmin CS
# chown admin.admin Share

# cd Share/
# chown hradmin.hradmin HR && chown fmadmin.fmadmin FM && chown tsadmin.tsadmin TS && chown proadmin.proadmin PRO && chown csadmin.csadmin CS && chown admin.admin Tools
# chmod 1775 HR FM TS PRO CS

f. Configure Samba as follows:

#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname

        workgroup = WORKGROUP
        server string = David Samba Server Version %v
        netbios name = DavidSamba

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.

        log file = /var/log/samba/log.%m
        max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)

        security = user
        passdb backend = tdbsam

#============================ Share Definitions ==============================

[HR]
     comment = This is a directory of HR.
     path = /Company/HR/
     public = no
     admin users = hradmin
     valid users = @hradmin
     writable = yes
     create mask = 0750
     directory mask = 0750

[FM]
     comment = This is a directory of FM.
     path = /Company/FM/
     public = no
     admin users = fmadmin
     valid users = @fmadmin
     writable = yes
     create mask = 0750
     directory mask = 0750

[TS]
     comment = This is a directory of TS.
     path = /Company/TS/
     public = no
     admin users = tsadmin
     valid users = @tsadmin
     writable = yes
     create mask = 0750
     directory mask = 0750

[PRO]
     comment = This is a PRO directory.
     path = /Company/PRO/
     public = no
     admin users = proadmin
     valid users = @proadmin
     writable = yes
     create mask = 0750
     directory mask = 0750

[CS]
     comment = This is a directory of CS.
     path = /Company/CS/
     public = no
     admin users = csadmin
     valid users = @csadmin
     writable = yes
     create mask = 0750
     directory mask = 0750

[Share]
     comment = This is a share directory.
     path = /Company/Share/
     public = no
     valid users = admin,@hradmin,@fmadmin,@tsadmin,@proadmin,@csadmin
     writable = yes
     create mask = 0755
     directory mask = 0755

g. Testing

Log in to the system as hradmin.

Trying to access the TS department folder prompts for a user name and password.

Try to create a new file under \\10.0.0.163.

The file is created successfully in the folder of your own department.

Complete the other tests yourself.

Configuration complete.
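
The share definitions above contain two settings that widen access beyond "valid users": "admin users" (those accounts operate as root inside the share, regardless of file permissions) and a create mask that leaves bits set for other local users. The following check is an added example, not part of the original article; the function names and the sample configuration (a constructed, reduced copy of [HR] and [Share]) are assumptions of this example.

```shell
# Constructed sample: [HR] and [Share] reduced from the smb.conf above.
sample_conf() {
cat <<'EOF'
[global]
[HR]
        path = /Company/HR/
        public = no
        admin users = hradmin
        valid users = @hradmin
        create mask = 0750
[Share]
        path = /Company/Share/
        public = no
        valid users = admin,@hradmin
        create mask = 0755
EOF
}

# audit_shares [FILE]: read smb.conf text (file or stdin) and print
# "share<TAB>finding" for settings that widen access beyond "valid users".
audit_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report() {
        if (share == "" || tolower(share) == "global") return
        # "admin users" act as root inside the share, bypassing file modes
        if (admins != "") print share "\tadmin-users:" admins
        if (guest == "yes") print share "\tguest-access"
        # last octal digit of the mask = bits granted to "other" local users
        if (cmask != "" && substr(cmask, length(cmask)) != "0")
            print share "\tworld-bits-in-create-mask:" cmask
    }
    /^[ \t]*([#;]|$)/ { next }                      # comments, blank lines
    /^[ \t]*\[.*\]/ {                               # new [section]
        report(); share = trim($0); gsub(/^\[|\]$/, "", share)
        admins = ""; guest = ""; cmask = ""; next
    }
    (eq = index($0, "=")) > 0 {
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "admin users") admins = val
        else if (key == "public" || key == "guest ok") guest = tolower(val)
        else if (key == "create mask" || key == "create mode") cmask = val
    }
    END { report() }
    ' "$@"
}

sample_conf | audit_shares
```

On the server, `testparm -s | audit_shares` runs the same check against the configuration Samba actually parsed.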

5、 Map shared directory to Windows drive

Map the public directory shared by Samba to a Windows drive letter:

a. Right-click "Computer" -> "Map network drive"

b. Enter the shared address and path in the Folder field, click Finish, and then enter the user name and password

c. After mapping, open Explorer to see the mapped shared directory

Tips:

When accessing other file resources through "\\IP address" under Windows, you usually need to enter the password only the first time; after that you are logged in directly without entering the password. What if we want to switch to another Samba user? The following instructions can be executed in Windows:
First, open Start -> Run -> cmd and check the existing connections, then execute "net use \\Samba server IP address or NetBIOS name\IPC$ /del" to delete the connection already established with the Samba server, or execute "net use * /del" to delete all current connections. Finally, you can switch users when you open "\\IP address" again.

6、 Linux client access operation

The sections above describe how a Windows client accesses the Samba server. How do you view files shared by other Linux Samba servers when Linux is the client?

This requires the smbclient tool, which is installed with the system by default. The common usage of smbclient is as follows:

1. View shared data of the Samba server

# smbclient -L //IP address of Samba server -U Samba user name

"-L" means list and "-U" means user. If the Samba server allows access without a password, you can omit "-U Samba user name".

For example, when Samba needs a password to log in, list the shares as follows:

# smbclient -L //10.0.0.163/public -U david

When Samba allows access without a password, execute the following command:

# smbclient -L //10.0.0.163/public

At the Password: prompt, just press Enter.

2. Log in to Samba server

If you need to log in to the Samba server from a Linux client, the usage is as follows:

# smbclient //IP address of Samba server -U Samba user name

Take a look at the following actions:

# smbclient //10.0.0.163/public -U david

smb: \> ?     // type ? here to view all the commands available on the smb command line.

The process is similar to logging in to an FTP server. After logging in to the Samba server, you can upload and download files. If you have sufficient permissions, you can also modify files.

In addition, the files shared by Samba server can also be mounted on the Linux client, which requires the mount command, as shown below:

# mount -t cifs -l //10.0.0.163/public /mnt/samba/

7、 SWAT, a Samba web management tool

SWAT (Samba Web Administration Tool) is one of the tools for managing Samba through a browser. With SWAT, you can control Samba on the server from a browser on any client that is allowed to access it. Reading the online documentation, checking and editing smb.conf, changing passwords, restarting services and so on can all be done through SWAT. Its intuitive interface makes Samba gentler to work with. It is a powerful tool for those who don't like managing a server through a text interface.

The SWAT tool runs under the xinetd super daemon, and SWAT is enabled by starting the xinetd process. So install the xinetd package first, and then the SWAT package. samba-swat-3.5.10-125.el6.x86_64 is already installed, so I will not repeat it here.

1. Configure SWAT

Because SWAT is a child process of the xinetd super daemon, the SWAT configuration file is in the xinetd directory. We need to edit the SWAT configuration file and enable this child process so that SWAT starts when the xinetd process starts. The SWAT configuration file is in the /etc/xinetd.d directory.

Open and edit /etc/xinetd.d/swat

    # default: off
    # description: SWAT is the Samba Web Admin Tool. Use swat \
    #              to configure your Samba server. To use SWAT, \
    #              connect to port 901 with your favorite web browser.
    service swat
    {
            # SWAT uses TCP port 901 by default; this can be modified
            port            = 901
            # Samba can be configured through the web; the root account is used by default and can be changed to another system user
            socket_type     = stream
            wait            = no
            only_from       = 127.0.0.1
            # Add this line: changing "only_from = 127.0.0.1" to "only_from = 10.0.0.0" allows only the intranet range to access SWAT
            only_from       = 10.0.0.0
            user            = root
            # The SWAT executable is in the /usr/sbin directory by default
            server          = /usr/sbin/swat
            log_on_failure  += USERID
            # Change "disable = yes" to "disable = no" so that the SWAT child process starts with the xinetd super daemon
            disable         = yes
    }

2. Start SWAT

As long as xinetd is started, SWAT will also be started as its child process.

3. Open SWAT

After SWAT is started on the server, a client within the range allowed by SWAT can open http://server's intranet IP:901 in a browser and enter the user name and password of the root user to reach the SWAT management home page, as shown below:

Home page of SWAT Management Center

Managing Samba through SWAT and modifying smb.conf directly are essentially the same; access through a browser simply makes Samba management gentler, which suits those who are not comfortable with the text interface and with editing configuration files directly.
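
SWAT as configured above takes the root user name and password over plain HTTP on port 901, so it is worth confirming which client addresses xinetd lets reach it. The following check is an added example, not part of the original article; the function name swat_exposure and the sample file (the article's configuration with disable set to no) are constructed here, and the result covers only this service file, not defaults set elsewhere in xinetd.

```shell
# Constructed sample: the article's /etc/xinetd.d/swat after setting disable = no.
sample_swat() {
cat <<'EOF'
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1
        only_from       = 10.0.0.0
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = no
}
EOF
}

# swat_exposure [FILE]: print "disabled", "enabled:unrestricted",
# "enabled:loopback-only" or "enabled:remote:<addresses>".
swat_exposure() {
    awk '
    /^[ \t]*#/ { next }
    (eq = index($0, "=")) > 0 {
        key = substr($0, 1, eq - 1); gsub(/[ \t+-]/, "", key)
        val = tolower(substr($0, eq + 1))
        if (key == "disable") { gsub(/[ \t\r]/, "", val); off = (val == "yes") }
        if (key != "only_from") next
        seen = 1
        n = split(val, addr, /[ \t\r]+/)
        for (i = 1; i <= n; i++)      # keep every entry that is not loopback
            if (addr[i] != "" && addr[i] !~ /^(127\.|localhost$|::1$)/)
                remote = remote (remote == "" ? "" : ",") addr[i]
    }
    END {
        if (off) print "disabled"                  # xinetd will not start it
        else if (!seen) print "enabled:unrestricted"
        else if (remote != "") print "enabled:remote:" remote
        else print "enabled:loopback-only"
    }' "$@"
}

sample_swat | swat_exposure
```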

4. Configuring Samba through SWAT

On the SWAT page there are eight options, each of which configures a different function of Samba.

Home: Samba related programs and documents.

Globals: set the global parameters of Samba, that is, the [global] section of the smb.conf file.

Shares: set the shared parameters of Samba.

Printers: set the print parameters of Samba.

Wizard: Samba configuration wizard.

Status: view and set the service status of Samba.

View: view the text configuration file of Samba, i.e. smb.conf.

Password: set Samba user, can change password, create and delete user.

For details, please refer to the following information for reference only: https://www.jb51.net/LINUXjishu/398109.html

At this point, all configuration of the samba server is complete.