SMB (Server Message Block), also known as CIFS (Common Internet File System), is an application-layer network transmission protocol. Microsoft and Intel jointly formulated SMB in 1987 to solve the problem of sharing resources such as files or printers in the local area network. Samba is an open source software based on the SMB/CIFS protocol. File sharing between the Linux operating system and the Windows operating system can be realized through a simple configuration.
Samba consists of two daemons, smbd and nmbd, and adopts a server/client model. In addition to providing file sharing and printer services for clients, the smbd process is also responsible for user permission verification and lock functions. The default listening port of smbd is 139 and 445 of the TCP protocol. Samba starts the smbd process through the smb service. Use netstat -nutlp to view the process port information. The nmbd process provides NetBIOS name service to meet the shared access environment based on the Common Internet File System (CIFS) protocol. Samba starts the nmbd process through the nmb service, which uses UDP port 137 by default.
1. Deploy samba server
1. Install samba.
yum -y install samba
2. Back up the main samba configuration file (optional operation).
cp -a /etc/samba/smb.conf /etc/samba/smb.conf.bak
3. Create a shared directory and modify directory permissions.
mkdir /samba
chmod -Rf 777 /samba
4. Edit the main samba configuration file /etc/samba/smb.conf and add the following information.
[samba]
comment = samba share
path = /samba
public = no
writable = yes
guest ok = no
5. Use the command pdbedit to create a user information database for accessing shared resources.
groupadd samba -g 3000
useradd lw -u 4000 -g 3000 -s /sbin/nologin
pdbedit -a lw
说明:
-u 4000:指定用户ID为4000。
-g 3000:指定用户的所属组ID为3000,指定的组必须先于用户创建。
-s /sbin/nologin:指定用登录的shell。
pdbedit命令用于管理SMB服务程序的用户信息数据库,常用参数及作用如下所示:
-a:建立Samba用户。
-x:删除Samba用户。
-u:指定本地用户。
-L:列出用户列表。
-Lv:列出用户详细信息的列表。
7. Restart the smb service and add it to boot.
systemctl restart smb
systemctl enable smb
2. Deploy the Windows 10 client
1. Use \192.168.10.10 to access the samba shared directory, and the following error message appears, because the Linux firewall is not closed or set.
2. Set or close the Linux firewall.
firewall-cmd --permanent --add-service=samba #默认区域添加samba服务
firewall-cmd --reload #重新加载防火墙
或
systemctl stop firewalld #关闭防火墙
systemctl disable firewalld #禁用防火墙
3. Use \192.168.10.10 to access the samba shared directory, enter the user name and password created in the samba server in the pop-up window, and click OK to enter.
4. Double-click the shared directory (samba), and an error message indicating that you do not have permission to access appears.
5. View and set the selinux boolean (boolean value) related to samba.
getsebool -a | grep samba #查看与samba相关的selinux Boolean
setsebool samba_export_all_ro=on #开启只读权限
setsebool samba_export_all_rw=on #开启读写权限
6. Double-click the shared directory (samba), enter the directory to create directories and files.
7. Open "This computer-Computer-Map network drive-Map network drive.
8. Select the drive number (X:), folder (\192.168.10.10\samba), and then click Finish.
