One, differences from FTP
FTP advantages and disadvantages:
Advantages: file transfer, application-layer protocol, cross-platform
Disadvantages: file transfer only; the file system cannot be mounted; files cannot be modified directly on the server side
Samba features:
Uses the SMB/CIFS protocol, is cross-platform, allows the file system to be mounted, and allows files to be modified directly on the server
Two, the Samba service in detail
Protocols: SMB/CIFS
Service: smb (resource sharing and permission verification); ports: TCP 139, 445
Configuration files: (/etc/samba/)
smb.conf: main configuration file
smbusers: alias configuration file
Login authentication mode (security level)
(1) share: anonymous authentication
(2) user: local user authentication
Uses a local user account, with a separate Samba password set for it
pdbedit -a username    # add a Samba user (converts the corresponding system user into a Samba user)
pdbedit -x username    # delete a Samba user
pdbedit -L             # list Samba users (reads the passdb.tdb database file)
(3) alias user access (virtual users)
Common configuration parameters explained
[global] defines the overall characteristics of the Samba server; its settings apply to all shared resources
# Workgroup or domain that the Samba server joins.
workgroup = WORKGROUP
# Description of the Samba server. It can be any string, or left empty. The %v macro displays the Samba version number.
server string = Samba Server Version %v
# Network interfaces the Samba server listens on. Either the interface name or the interface's IP address can be given.
interfaces = lo eth0 192.168.12.2/24
# Clients allowed to connect to the Samba server; multiple values are separated by spaces.
# Either a host IP or a network can be given. hosts deny is the opposite of hosts allow (use one or the other).
hosts allow = 127. 192.168.1. 192.168.10.1
# For example:
#   hosts allow = 172.17.2. EXCEPT 172.17.2.50
#     allows connections from hosts in 172.17.2.*, but excludes 172.17.2.50
#   hosts allow = 172.17.2.0/255.255.0.0
#     allows connections from all hosts in the 172.17.2.0/255.255.0.0 subnet
# Location and name of the Samba server log file. The %m macro (host name) after the file name
# means that each machine accessing the Samba server gets its own log file.
log file = /var/log/samba/log.%m
# Maximum size of a Samba server log file, in kB; 0 means unlimited.
max log size = 50
# User access authentication mode of the Samba server.
security = user
passdb backend = tdbsam
# Whether to enable Samba's shared printers.
load printers = yes/no
[homes] sets the sharing attributes of users' home directories (a special share)
# Share name (special share; refers to each user's own home directory)
[homes]
# Share description
comment = Home Directories
# Whether the share can be browsed
browseable = no
# Whether the share is writable
writable = yes
# Users allowed to access the share
; valid users = %S
For example: valid users = bob, @bob (multiple users or groups are separated by commas; a group is written as "@groupname")
[printers] sets the attributes of shared printing resources (a special share for printing devices; now basically unused)
# Share name
[printers]
# Share description
comment = All Printers
# Share path
path = /var/spool/samba
# Whether the share can be browsed
browseable = no
# Whether anonymous access is allowed, similar to public
guest ok = no
# Whether the share is writable
writable = no
# Whether printing is allowed
printable = yes
[custom] a custom shared area
# Share name
[custom]
# Share description
comment = the share is xbz
# Share path
path = /share/zdy
# Whether anonymous access is allowed, similar to guest ok
public = yes
# Whether the share can be browsed
browseable = yes
# Whether the share is writable (the directory must also be given w permission)
writable = yes
Configuration file check tool testparm:
If the message "Loaded services file OK." is displayed, the configuration file syntax is correct
-v: show all options supported by Samba
Access control
Write access control (similar to the restrictions in vsftp):
◆ Permissive in the configuration file, strict control in the file system (prefer this approach where possible)
writable = yes
setfacl or chmod 777
◆ Permissive in the file system, strict control in the configuration file
chmod 777 /dir
read only = yes
write list = user, @group
Client login
Linux client:
smbclient -U username -L //server_ip               # view the server's shares
smbclient -U username //server_ip/share_name       # log in to a share on the server
Windows client:
\\server_ip\share_name
net use * /del    # clear cached logins
Three, Samba deployment experiment
Note: turn off the firewall and SELinux on both the server and the client
Deployment process:
1. Install samba on the server
yum -y install samba
2. Make sure the client and the related command packages are installed (installed by default)
rpm -q samba-client
rpm -q samba-common
3. Create a shared area
Back up the main configuration file
Create a separate share section (written following the template)
4. Start the smb service and view the default shares
a, service smb start
b, smbclient -U username -L smbserverIP
Local Authentication (login, upload, download)
a, modify the configuration file (add a custom share)
[customize]
comment = the share is xbz
path = /share/zdy
public = yes
browseable = yes
writable = yes
b, create the shared directory and give it the appropriate permissions
mkdir /share/zdy
chmod 777 /share/zdy    # ACL permissions are preferable
c, test the configuration file and restart the service
testparm
service smb restart
d, first, create a Linux user
useradd -s /sbin/nologin zhangsan
passwd zhangsan    # a system password does not need to be set
e, convert the user to a Samba user
pdbedit -a zhangsan
f, log in from the client and view the shared folders to test
smbclient -U zhangsan -L server_ip
smbclient -U zhangsan //server_ip/share_name
Note: Because default permissions for uploaded files have not been set, a file uploaded by a given user can only be modified and overwritten by that user.
Access control - restrictions through configuration
Allow only certain valid users to access the shared area
Note: This requires the specified directory's permissions to be set to the maximum, so that the restriction is achieved by modifying the configuration file
Only some users can log in to the Samba server
Modify the custom share section in /etc/samba/smb.conf
Add: a list of valid users
valid users = user, @group (multiple entries separated by commas)
Only some users have write access to the shared area
Modify the custom share section in /etc/samba/smb.conf
Add: enable read-only and set a write list
read only = yes
write list = lisi
Set the default permissions of uploaded files
Default file permissions: create mask
Default directory permissions: directory mask
Modify the custom share section in the configuration file
Add:
create mask = 666
directory mask = 777
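The following is an added example, not part of the original page: a small Python check that reads share sections and flags the combinations discussed in the access-control steps above (guest access together with write access, a writable share without valid users, and masks that leave uploads world-writable). The sample configuration, the [restricted] share, and the finding names are constructed for illustration; only the public/guest ok and writable/writeable/read only spellings are handled.

```python
import re

# Constructed sample: the page's [customize] share beside a restricted variant.
SAMPLE = """\
[customize]
path = /share/zdy
public = yes
writable = yes
create mask = 666
directory mask = 777

[restricted]
path = /share/zdy
valid users = zhangsan, lisi
read only = yes
write list = lisi
create mask = 664
"""

def parse_shares(text):
    """Return {section: {parameter: value}} with lower-cased names and values."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # smb.conf comments start the line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip().lower()
    return shares

def is_yes(params, *names):
    return any(params.get(n) in ("yes", "true", "1") for n in names)

def audit(text):
    """Return (share, finding) pairs for the access-control settings above."""
    findings = []
    for share, p in parse_shares(text).items():
        if share == "global":
            continue
        # "read only" defaults to yes; writable/writeable are its inverse.
        writable = (is_yes(p, "writable", "writeable")
                    or p.get("read only") in ("no", "false", "0"))
        if writable and is_yes(p, "public", "guest ok"):
            findings.append((share, "guest-writable"))
        if (writable or "write list" in p) and "valid users" not in p:
            findings.append((share, "no-valid-users"))
        for mask in ("create mask", "directory mask"):
            if mask in p and int(p[mask], 8) & 0o002:   # "other" write bit
                findings.append((share, f"{mask} {p[mask]} is world-writable"))
    return findings
```

Calling audit(SAMPLE) reports four findings for [customize] and none for [restricted], which combines valid users, read only = yes and a write list.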
User alias (virtual user)
1) Add an alias (/etc/samba/smbusers)
Add: zhangsan = zs
2) Enable the alias (modify the main configuration file)
vim /etc/samba/smb.conf
Add: username map = /etc/samba/smbusers
3) Testing
smbclient -U alias //server_ip/share_name
Map a network drive (mount)
Under Linux:
Temporary mount:
mount -t cifs -o username=xxx,password=xxx //server_ip/share_name /local_mount_directory
Permanent mount: /etc/fstab
//server_ip/share_name /local_mount_directory cifs defaults,username=xxx,password=xxx 0 0
Under Windows:
Right-click My Computer / Computer / This PC and choose Map network drive [note the backslash \ in the path]