One. The origin of SAMBA
For Windows Network Neighborhood, the way to share files uses the SMB and CIFS protocols and the NETBIOS protocol between Linux / Unix is the NFS protocol.
But Linux and Windows cannot be shared, so Andrew Tridgell of the Australian National University decided to develop a software, this software is to achieve the sharing of files between different systems, so a software called SMB is empty It was born, but this name cannot be registered as a trademark, because there is already an SMB agreement, so the author adds two As to the name, and it becomes the powerful file sharing server we will use:
SAMBA
two. How SAMBA works
SAMBA mainly provides SMB / CIFS or NETBIOS protocol.
So as long as you use SAMBA, you can make Linux appear in Windows's network neighborhood, or let Windows file share on Linux-
Once installed on Linux, there are two main processes:
1.nmbd: Provides NETBIOS name resolution
2.smdb: provides file sharing.
And because the NETBIOS protocol listens to TCP port 139 and UDP port 137,138 for windows, nmbd simulates udp ports 137 and 138 on Linux, and tcp port 139, and smdb simulates tcp port 445. SAMBA will monitor these 4 ports at the same time on Linux.
three. Meet SAMBA
SAMBA software starts with "samba"
samba-client
samba-common Both are used as clients
samba as a server
samba-swat A graphical control interface
After installation, its configuration file is in /etc/samba/smb.conf
The /etc/init.d/smb script realizes the control of SAMBA
For example: /etc/init.d/smb start
Small reminder: samba is a software that accepts selinux control, so you must close selinux when configuring
four. Install and simply configure SAMBA
1. Installation:
yum install samba -y
After the installation is complete, in the / etc / samba directory
The main configuration file is called smb.conf
Reminder:
All files starting with # in these files are comments, meaningless
Anything that starts with ";" is an option that can be removed to start
2. Configuration:
The configuration file is mainly composed of 4 segments:
1. Global configuration section [global]
2. Home directory section [homes]
3. Independent shared segment [printer]
4. Custom section [c_s]
Let's analyze it section by section
The first paragraph: [global]:
workgroup = MYGROUP defines the workgroup
server string = Samba Server Version% v This is used when you open it through Internet Neighborhood, what is the comment information
netbios name = XXX the name displayed in the terminal
security = user This item is very important. It is used to define the security level of SAMBA service. There are 4 security levels.
1.share: allow any anonymous user to directly access
2.user: default: each user must provide an account and password when accessing
3.domain / server: Usually means that the user's account and password are authenticated by a third party during authentication. Instead of directly certifying through the system, such as having a dedicated authentication server
4.ads: authenticated by the primary domain controller
passdb backend = tdbsam all SAMBA user authentication files are used to authenticate
load printers = yes whether to try to load the printer
cups options = raw Universal printing system, specify printing method
hosts allow = XX.XX.XX.XX defines the access control list
Second paragraph: [homes]:
comment = Home Directories information
browseable = no browse, if the user is not the owner of this directory, can you see this directory, no means only the owner can see
writable = yes Can I create new files in it?
Third paragraph: [printers]:
comment = All Printers
path = / var / spool / samba print pool
browseable = no
guest ok = no Is the printer public
writable = no
printable = yes
Fourth paragraph: we define our own: [tools]
Shared names are enclosed in square brackets
comment = My Tools
path = / share is used to define where the real directory is on the system directory
browseable = yes is browseable
guest ok = yes whether to allow guest account
writable = yes is writable
# write list = XXX Define a list to determine whether the user / group can be written. When defining a group, you need to use @group name
Fives. Use SAMBA
1. Easy to use
Whenever you modify the configuration file, you must check whether the file syntax is appropriate
Here, we use the testparm command: directly test the sam configuration file
When the test is completed and there is nothing to be modified and syntax errors.
Use: service smb start command to start the service
chkconfig smb on Set to start automatically at boot
netstat -ntlp check whether those 4 ports have been opened
At this point, on your Windows side, you should already be able to view it through Network Neighborhood:
All users who access files through samba must first be the system user, but the password must not be the user password. We can use the smbpasswd command to add the password to the samba user
Common options:
-a: add this user to samba
-x: delete a user from samba
-d: temporarily disable this user
-e: enable this user
For example: smbpasswd -a gentoo
----------------------------------------------------------------------------------
Small question: How to make centos unwritable, but gentoo writable?
In [tools]
Remove writable = XX
Definition write list = gentoo ## Define the talents in the list have write permission.
Small extension: the list permission here is greater than everything. If your directory is set with permission acl control, then here will directly ignore acl
-----------------------------------------------------------------------------------
2. Let's see how to access as the client in Linux
View and login commands of smbclient client
-L IP / HOST can display the sharing options of the other host
-U username View the share as this user
Its format is: smbclient // IP / dir -U username
such as:
smbclient -L 172.16.100.1 The other party requires a password. We confirm directly and visit anonymously to see what the other party shared
smbclient -L 172.16.100.1 -U redhat as gentoo
enter:
smbclient //172.16.100.1/tools -U redhat
This command allows us to log in to our shared directory as redhat.
Let us look at another way to achieve:
①. How to define two users to have write permission to the same directory through the group method
it's actually really easy:
As long as we add two users to the same group.
groupadd mygrp
usermod -aG mygrp gentoo
usermod -aG mygrp redhat
Edit configuration file
modify
write list = @mygrp (or + mygrp)
Here, if you add @ or + in front, followed by the group name, the system will automatically recognize the form of the group.
②. Define the access control list, indicating that only the people in which network segment are allowed to access
hosts allow = 127. 172.16.
This configuration command shows which segment of the network can be accessed
③. You can also directly mount the shared directory locally:
Mounting is actually very simple, but when mounting, you must make its file system cifs
mount -t cifs //172.16.100.1/tools /mnt -o username=redhat
When we mount it in redhat mode, the users of redhat are writable.
six. Graphical Samba
Samba also provides us with a graphical management interface.
The default port is 901, the software name is samba-swat
We install and use:
yum install samba-swat
samba-swat is a non-independent daemon, it depends on the super daemon xinetd
The configuration files of all non-independent daemons managed by the super daemon are in
/etc/xinetd.d/ directory.
There is a swat file in it
This file is to define whether to start with the system and the configuration information for startup
There are two more important options:
1. only_from: Define swat's access control list. The format is: 192.168.16.0/24
2. disable = yes is disabled, the default is yes, at this time we will modify to no
When set up, we start the service:
service xinetd start
Access through your own IE browser: 172.16.100.1:901
The user when logging in for the first time here is root
The password here is the password of the root system.
The configuration submitted here will modify sam.conf. And cover. And automatically restart the sam service
Of course, the most important thing is security. We need to change the password in the password. And username. If you decide to use it for a long time. Must be modified.
Seven. Conclusion
So far, all the relevant configuration and related usage methods of Samba have been introduced. If you find something wrong, you can PM me and I will fix it immediately. Of course, if you have any better methods, please tell me, we all make progress together.