Linux Samba file sharing service, installation and case configuration

Time:2020-5-22

Samba server installation and configuration

1: Install Samba Server package

[[email protected] ~]# rpm -qa | grep samba

[[email protected] ~]# yum -y install samba

[[email protected] ~]# yum -y install samba-client

 

2:/etc/samba/ smb.conf Document details

[[email protected] ~]# cat /etc/samba/smb.conf

# See smb.conf.example for a more detailed config file or

# read the smb.conf manpage.

# Run ‘testparm’ to verify the config is correct after

# you modified it.

 

[global] \ \ set global parameter content

          workgroup = SAMBA

          security = user

 

          passdb backend = tdbsam

 

          printing = cups

          printcap name = cups

          load printers = yes

          cups options = raw

 

[homes] \ \ file sharing

          comment = Home Directories

          valid users = %S, %D%w%S

          browseable = No

          read only = No

          inherit acls = Yes

 

[printers] \ \ printer sharing

          comment = All Printers

          path = /var/tmp

          printable = Yes

          create mask = 0600

          browseable = No

 

[print$]

          comment = Printer Drivers

          path = /var/lib/samba/drivers

          write list = root

          create mask = 0664

          directory mask = 0775

 

Note: [global]

The global settings of samba server are valid for the whole server.

 

workgroup

Syntax: workgtoup =;

Default: workgroup = mygroup

Note: set up a workgroup for Samba server

For example: workgroup = workgroup and win2000s are set as a group. You can see the share in the network neighborhood.

 

server string

Syntax: server string =;

Default: Sarver string = Samba server

Note: set notes for Samba server

Other: support variable t% – access time I% – client IP M% – client host name M% – client domain name s% – client user name

For example, server string = this is a samba server. Set the samba server that appears in the windows network neighborhood as this is a samba server

 

hosts allow

Syntax: hosts aoolw=; …

Default: host allow = 192.168.1. 192.168.2. 127

Note: limit machines that are allowed to connect to Samba server, with multiple parameters separated by spaces. The representation method can be a complete IP address, such as 192.168.0.1 network segment, such as 192.168.0

For example: hosts allow = 192.168.1. 192.168.0.1 means that the machine with the address of 192.168.0.1 is allowed to connect to its Samba server

 

printcap name

Syntax: printcap name =;

Default: printcap name = / etc / printcap

Description: set the configuration file of samba srever printer

Example: printcap name = / etc / printcap sets the printer settings of samba srever reference / etc / printcap file.

 

load printers

Syntax: load printers=;

Default: load printers = yes

Note: whether to share printers when Samba server is turned on.

 

printing

Syntax: printing =;

Default: printing = lprng

Note: set the type used by the samba server printer to the type currently supported.

 

guest account

Syntax: guert account =;

Default: Guest account = pcguest

Note: set the guest account for accessing Samba server (i.e. the account without user name and password). If pcguest is set, it will be the “nobody” user by default.

For example: guert account = Andy sets the guest account that accesses Samba server to log in as Andy user, then this login account has all the permissions of Andy user.

 

log file

Syntax: log file =;

Default: log file = / var / log / Samba /% m.log

Description: set the storage location and file name of the samba server log file (% m represents the client host name)

 

max log size

Syntax: Max log size =? KB >;

Default: Max log size = 0

Note: set the maximum capacity of the daily file. The default value of 0 here means no limit.

 

security

Syntax: Security =;

Default: Security = user

Note: there are four security levels for accessing Samba server:

Share — user name and password are not required.

User —- user name and password are required, and Samba server is responsible for authentication.

Server — user name and password are required. You can specify another machine (WinNT / 2000 / XP) or another Samba server for authentication.

Domain — user name and password shall be provided, and WinNT / 2000 / XP domain server shall be specified for authentication.

 

password server

Syntax: password server=;

Default: password server=;

Note: specify the password of a server (including windows and Linux) as the password verified when the user logs in.

Other: this parameter can only be set when security = server.

 

password level

Syntax: password level =;

username level = ;

Default: password level = 8

 

username level

username level = 8

Note: set the number of digits of user name and password, default to 8 characters.

 

encrypt passwords

Syntax: encrypt passwords=;

Default: encrypt passwords = yse

Note: set whether to encrypt the password of samba.

 

smb passwd file

Syntax: SMB passwd file =;

Default: SMB passwd file = / etc / Samba / smbpasswd

Note: set the password file of samba.

 

local master

Syntax: local master=;

Default: local master = no

Note: set whether Samba server should play the role of LMB (LMB is responsible for collecting browse list resources of local network). Usually, no is set for no special reason

 

os level

Syntax: OS level =;

Preset: OS level = 33

Note: set the OS level of samba server from 0 to 255. The OS level of WinNT is 33, and the OS level of Win95 / 98 is 1. If Samba server is used as LMB or DMB, its OS level should be at least greater than 33 of NT.

 

domain master

Syntax: domain master=;

Default: domain master = yes

Note: set whether Samba server should play the role of DMB (DMB will be responsible for collecting browse list resources of other subnets). Usually no is set for no special reason

 

preferred master

Syntax: preferred Master=;

Default: preferred Master = yes

Note: set whether Samba server should play the role of PDC (PDC will be responsible for tracking all changes made to the network account). Usually no is set for no reason. (there cannot be two pDCs in the same network segment, they will seize the master control every five minutes.)

 

wins support

Syntax: wins support=;

Default: wins support = yes

Note: set whether Samba server wants to provide wins service on the network, usually no for no special reason. Set Yes only if there is no host on the network providing wins service and this Samba server is required to provide wins service. Only one wins support and wins server can be selected

 

wins server

Syntax: wins server=;

Default: wins server = w.x.y.z

Note: set whether Samba server wants to use wins service provided by other hosts. Usually, no is set for no special reason. Set yes unless there is a host providing wins service on the network. Other wins support and wins server

For example: wins server = 192.168.0.1 indicates that Samba server needs to use the wins service provided by 192.168.0.1

 

#============================== Share Definitions =============================

 

[homes]

        comment = Home Directories

        browseable = no

        writable = yes

        valid users = %S

 

The user’s own “home” directory. When the user logs in as a samba user, he / she will see his / her own home directory under the samba server. The directory name is the user’s own account.

 

[printers]

        comment = All Printers

        path = /var/spool/samba

        browseable = no

        guest ok = no

        writable = no

        printable = yes

 

Set the properties of print sharing resources in Samba server. Samba server can not only provide file sharing, but also print sharing.

 

[name of shared resource]

; = (parameter)

; = (parameter)

 

To provide shared resources, you must first enclose the resources to be shared with a [] symbol. Instructions and parameters are usually provided below to indicate the settings and access permissions of this resource. Details are as follows:

 

Comment ——– comment description

Path ———— the full path name of the shared resource. In addition to the correct path, the permissions of the directory should also be set

Browseable —— yes / no no displays the shared directory in the browse resource. Otherwise, the shared path must be specified for access

Printable —— yes / no no print allowed

Hide dot ftles — yes / no no hide hidden files

Public —— yes / no no no public share, if not, authentication (this only works when security = share)

Guest OK ——– yes / no no no public sharing, otherwise authentication (this only works when security = share)

Read only —— yes / no no share as read-only. In case of conflict with writable, writable shall prevail

Writable ——- yes / no no no do not share in read-only mode

Failed users —— set that only users in this list can access shared resources (deny priority) (user name / @ group name)

Invalid users – set that only users in this list cannot access shared resources (deny priority) (user name / @ group name)

Read list —— set the members in this list as read-only (user name / @ group name)

Write list —— if it is set to read-only, only members in the list set can write (user name / @ group name)

Create mask — permission given when creating a file

Directory mask — permissions given when creating a directory

Force group —— when accessing resources, users of this set group must enter to access (user name / @ group name)

Force user —— when specifying access to resources, the set user must enter to access (user name / @ group name)

Allow hosts: set that only users of this network segment / IP can access shared resources

Allwo hosts = segment except IP

Deny hosts —— set that only users of this network segment / IP can not access shared resources

Allow hosts = IP specified for this network segment

Deny hosts = specify IP specify I

 

 

3: Samba shared directory configuration instance

1: Allow anonymous users to read / Jishu directory

[[email protected] ~]# vi /etc/samba/smb.conf

Add at the end:

[jishu]

comment=jishu

path=/jishu

public=yes

read only=yes

 

2: Allow anonymous users to read and write / Jishu directory

[[email protected] ~]# vi /etc/samba/smb.conf

Add at the end:

[jishu]

comment=jishu

path=/jishu

guest ok=yes

writable=yes

 

3: Only users of ABCD users and groups access / ABCD directories

[jishu]

comment=jishu

path=/jishu

valid [email protected],zhangsan

public=no

create mask=0765

broseable=no

 

4: Only users of Zhangsan and group technology are allowed to read and write / ABCD directories

[jishu]

comment=jishu

path=/jishu

valid [email protected],zhangsan

public=no

writable=yes

 

3: Samba server configuration instance 1: Samba server configuration at share level

1: Installing packages on the server side

[[email protected] ~]# yum -y install samba samba-client

 

2: Create shared directory

[[email protected] ~]# mkdir /jishu

[[email protected] ~]# chmod -R 757 /jishu

 

3: Edit profile

(1) Samba server configuration at share level

Do not provide user name and password to access

 

[[email protected] ~]# vi /etc/samba/smb.conf

[global]

        workgroup = workgroup

        security = user

Map to guest = bad user \ \ the new version of samba has cancelled the share level service. This parameter is required

        netbios name = rhel

        passdb backend = tdbsam

        max log size = 50000

        log file =/var/log/samba/log.%m

 

 

[jishu]

comment=jishu

path=/jishu

public=yes

writable=yes

 

 

4: Set the Boolean value of SELinux for / Jishu directory or disable SELinux

[[email protected] ~]# semanage fcontext -a -t samba_share_t ‘/jishu(/.*)?’

 [[email protected] ~]# restorecon -vvFR /jishu

restorecon reset /jishu context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

restorecon reset /jishu/aaaaa context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

 

5: Set firewall (set firewall policy or turn off firewall)

[[email protected] ~]#firewall-cmd –permanent –zone=public –add-service=samba

[[email protected] ~]#firewall-cmd –reload

 

6: Open service

[[email protected] ~]# systemctl start smb

[[email protected] ~]# systemctl start nmb

7: Windows client test

Enter the IP address of the \ \ server directly during operation

8: Linux client

(1) Install client package

[[email protected] ~]# yum -y install samba-client

(2) Show shared resources on Samba server

[[email protected] ~]# smbclient -L192.168.10.202

Enter root’s password:

Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4]

 

          Sharename       Type      Comment

          ———       —-      ——-

          jishu           Disk      jishu

          IPC$            IPC       IPC Service (Samba 4.4.4)

Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4]

 

          Server               Comment

          ———            ——-

          RHEL                 Samba 4.4.4

 

          Workgroup            Master

          ———            ——-

          WORKGROUP  

 

(3) Mount

[[email protected] ~]# mkdir /mnt/jishu

[[email protected] ~]# mount -o username=root //192.168.10.202/jishu /mnt/jishu

Password for root @ / / 192.168.10.202/jishu: empty password

[[email protected] ~]#

[[email protected] ~]#

[[email protected] ~]# cd /mnt/jishu

[[email protected] jishu]# ls

New folder new text document.txt

 

4: Samba server configuration instance 2: Samba server configuration at user level

1: Installing packages on the server side

[[email protected] ~]# yum -y install samba samba-client

 

 

3: Create system user

[[email protected] ~]# useradd zhangsan

 

 

[[email protected] ~]# passwd zhangsan

Changing password for user zhangsan.

New password:

BAD PASSWORD: The password is a palindrome

Retype new password:

passwd: all authentication tokens updated successfully.

 

4: Create Samba account

[[email protected] ~]# smbpasswd -a zhangsan

New SMB password:

Retype new SMB password:

Added user zhangsan.

2: Create shared directory

[[email protected] ~]# mkdir /jishu

[[email protected] ~]# chown -R zhangsan:zhangsan /jishu

 

3: Edit profile

[[email protected] ~]# vi /etc/samba/smb.conf

[global]

        workgroup = workgroup

        security = user

        netbios name = rhel

        passdb backend = tdbsam

        max log size = 50000

        log file =/var/log/samba/log.%m

 

 

[jishu]

comment=jishu

path=/jishu

public=no

writable=yes

write list = @jishuzu,zhangsan

 

4: Set the Boolean value of SELinux for / Jishu directory or disable SELinux

[[email protected] ~]# semanage fcontext -a -t samba_share_t ‘/jishu(/.*)?’

 [[email protected] ~]# restorecon -vvFR /jishu

restorecon reset /jishu context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

restorecon reset /jishu/aaaaa context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

 

5: Set firewall (set firewall policy or turn off firewall)

[[email protected] ~]#firewall-cmd –permanent –zone=public –add-service=samba

[[email protected] ~]#firewall-cmd –reload

 

6: Open service

[[email protected] ~]# systemctl start smb

[[email protected] ~]# systemctl enable smb

[[email protected] ~]# systemctl start nmb

[[email protected] ~]# systemctl enable nmb

7: Windows client test

Enter the IP address of the \ \ server directly during operation

Test read and write permissions

8: Linux client

(1) Install client package

[[email protected] ~]# yum -y install samba-client

(2) Show shared resources on Samba server

[[email protected] ~]# smbclient –L 192.168.10.202

Enter root’s password:

Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4]

 

          Sharename       Type      Comment

          ———       —-      ——-

          jishu           Disk      jishu

          IPC$            IPC       IPC Service (Samba 4.4.4)

Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4]

 

          Server               Comment

          ———            ——-

          RHEL                 Samba 4.4.4

 

          Workgroup            Master

          ———            ——-

          WORKGROUP  

(3) Log in to Samba server as Zhangsan

[[email protected] ~]# smbclient //192.168.10.202/jishu -U zhangsan

Enter Zhangsan’s password:

Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4]

smb: \> ls

  .                                   D        0  Wed Mar 29 09:59:02 2017

  ..                                 DR        0  Wed Mar 29 09:50:22 2017

New folder d 0 wed Mar 29 09:59:02 2017

 

95427048 blocks of size 1024. 92237564 blocks available

smb: \> exit

(4) Mount

[[email protected] ~]# mkdir /mnt/jishu

[[email protected] ~]# mount -o username=zhangsan,password=aaa //192.168.10.202/jishu /mnt/jishu

[[email protected] ~]#

[[email protected] ~]#

[[email protected] ~]# cd /mnt/jishu

[[email protected] jishu]# ls

New folder new text document.txt

 

[[email protected] jishu]# df

Filesystem             1K-blocks    Used Available Use% Mounted on

/dev/mapper/rhel-root   52403200 3162356  49240844   7% /

devtmpfs                  917760       0    917760   0% /dev

tmpfs                     933632     140    933492   1% /dev/shm

tmpfs                     933632    9692    923940   2% /run

tmpfs                     933632       0    933632   0% /sys/fs/cgroup

/dev/sda1                1038336  176556    861780  18% /boot

/dev/mapper/rhel-home   49250820   41208  49209612   1% /home

tmpfs                     186728      28    186700   1% /run/user/0

/dev/sr0                 3704296 3704296         0 100% /media/cdrom

//192.168.10.201/jishu  95427048 3212024  92215024   4% /mnt/jishu

 

 

5: Use both user level and share level

Access to Jishu directory requires authentication; access to it directory does not require authentication

[[email protected] ~]# vi /etc/samba/smb.conf

[global]

        workgroup = workgroup

        security = user

        netbios name = rhel

map to guest = Bad User

        passdb backend = smbpasswd

        max log size = 50000

        log file =/var/log/samba/log.%m

        encrypt passwords = yes

        smb passwd file = /etc/samba/smbpasswd

username map = /etc/samba/smbusers

 

[jishu]

comment=jishu

path=/jishu

public=no

writable=yes

 

[it]

comment=it

path=/it

public=yes

writable=yes

 

 

 

[[email protected] ~]# systemctl restart smb

 

 

6: Samba server advanced configuration

1: Set Samba encryption password

(1) Make sure the samba server is user safe

[[email protected] jishu]# vi /etc/samba/smb.conf

[global]

        workgroup = workgroup

        security = user

        netbios name = rhel

        passdb backend = smbpasswd

        max log size = 50000

        log file =/var/log/samba/log.%m

        encrypt passwords = yes

        smb passwd file = /etc/samba/smbpasswd

 

(2) Restart Samba service

[[email protected] jishu]# systemctl restart smb

[[email protected] jishu]# systemctl restart nmb

 

(3) Create Samba account

[[email protected] jishu]# useradd -s /sbin/nologin lisi

[[email protected] jishu]# smbpasswd -a lisi

New SMB password:

Retype new SMB password:

Added user lisi.

[[email protected] jishu]# cat /etc/samba/smbpasswd

lisi:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:E24106942BF38BCF57A6A4B29016EFF6:[U          ]:LCT-58DB208C:

 

2: Mapping Samba user accounts

(1) Edit profile

[[email protected] ~]# vi /etc/samba/smb.conf

[jishu]

comment=jishu

path=/jishu

public=no

writable=yes

username map = /etc/samba/smbusers

 

(2) Create user account mapping file

[[email protected] ~]# vi /etc/samba/smbusers

lisi=lisi2

(3) Restart service

[[email protected] ~]# systemctl restart smb

[[email protected] ~]# systemctl restart nmb

(4) Client test

[[email protected] jishu]# smbclient //192.168.10.202/jishu -U lisi2

Enter lisi2’s password:

Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4]

smb: \> ls

  .                                   D        0  Wed Mar 29 09:59:02 2017

  ..                                 DR        0  Wed Mar 29 09:50:22 2017

New folder d 0 wed Mar 29 09:59:02 2017

 

               95427048 blocks of size 1024. 92214644 blocks available

 

 

 

 

7: Manage Samba server

1: Show current connection Report

Use the smbstatus command to display the current connection Report

 

 

 

 

[[email protected] ~]# smbstatus -b

 

Samba version 4.4.4

PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing             

—————————————————————————————————————————————-

54463   lisi         lisi         192.168.10.10 (ipv4:192.168.10.10:49277)  SMB2_10           –                    –                   

54473   lisi         lisi         192.168.10.202 (ipv4:192.168.10.202:50954) NT1

 

 

2: Manage Samba user database

Use the pdbedit command to manage user accounts in the sam database.

 

Pdbedit command options meaning:

-50: List all user accounts in the samba user database

-u: Specify the user name to use

-v: Enable verbose list format

-h: Specify the user’s home directory network path

 

Example: list the accounts of all Samba user databases

[[email protected] ~]# pdbedit -L

lisi:1002:

 

Example: create the samba user account Wangwu (you can log in to Samba with Wangwu for testing)

[[email protected] ~]# useradd -s /sbin/nologin wangwu

[[email protected] ~]# pdbedit -a -u wangwu

[[email protected] ~]# pdbedit -L

lisi:1002:

wangwu:1003:

Recommended Today

Chrome / Firefox browser cross domain mode

Sometimes when debugging code locally, cross domain is not set for the code. At this time, cross domain can be realized by setting the browser. Under mac chrome 1. Close chrome, right-click in the program dock to close completely 2. Open terminal 3. Enter the command open -a “/Applications/Google Chrome.app” –args –disable-web-security  –user-data-dir=/Users/yourname/chromeDevUserData/ Firefox Use […]