Article Directory
- 0-1 Experimental environment
- 0-2 Windows and Linux share files
- 1. Introduction to samba service
- 2. Samba basic information
- 3. Installation and activation of samba
- 4. Establishment of samba user
- 5. samba user access home directory
- 6. samba service shared directory
- 7. samba common configuration parameters
- 8. Samba+autofs auto mount and unmount
- 9. Samba multi-user mount (cifs)
0-1 Experimental environment
- Server side: node1===>192.168.43.101
- Client: node2===>192.168.43.111
0-2 Windows and Linux share files
- Windows host IP: 192.168.43.1
- New folder westos
- Open file properties===>Sharing===>Advanced sharing===>Shared folder===>Set share name
- File attributes ===>Share===>Arrow===>Select Everyone===>Add===>Share===>Finish
- Linux client: node2 host
smbclient -L //192.168.43.1/<share_name> -U administrator
1. Introduction to samba service
Samba is an implementation of SMB, mainly used to provide file and print services on Linux systems. By configuring and using a Samba server, Linux users can share resources with Windows users.
Samba is open source software based on the SMB (Server Message Block) protocol, and samba can also be a trademark of the SMB protocol. SMB is a protocol that can be used to share resources such as files and printers on Linux and UNIX systems. It is a client/server protocol: the client accesses shared resources on the server through SMB. When Windows is the client and CentOS is the server, Samba lets the Windows host access Linux resources and exchange data between the two systems.
Samba is software that runs on Unix/Linux. It is divided into a server side and a client side, and implements the functions described by the CIFS protocol for file sharing between Windows and Unix/Linux.
cifs: File sharing protocol on Windows; its predecessor is the SMB protocol
2. Samba basic information
- Service startup script: smb.service
- Main configuration directory: /etc/samba
- Main configuration file: /etc/samba/smb.conf
- Security context: samba_share_t
- Ports: 139, 445
- Installation packages:
samba: Server
samba-common: Toolkit
samba-client: Client
3. Installation and activation of samba
dnf search samba
: Find
dnf install samba -y
: Server-side installation
dnf install samba-common -y
: Both server and client must be installed
dnf install samba-client -y
: Client-side installation
systemctl enable --now smb.service
: Start the samba service
- Enable samba when the firewall is open:
firewall-cmd --permanent --add-service=samba
: Permanently open samba in the firewall
firewall-cmd --reload
: Refresh the firewall to make the settings take effect
- Test:
smbclient -L //192.168.43.101
: List the shared files provided by the specified IP
(Please press Enter directly when you need to enter the root password)
4. Establishment of samba user
The samba user must be a local user
smbpasswd -a <username>
: Add samba user
pdbedit -L
: View the list of samba users
pdbedit -x <username>
: Delete samba user
5. samba user access home directory
setsebool -P samba_enable_home_dirs on
- Access under Windows
Windows + R ===> Enter \\192.168.43.101
run
- Access under Linux
smbclient -L //IP/<share_name> -U <username>
: List the shared files provided by the specified IP
6. samba service shared directory
6.1 Sharing self-built directories
mkdir /westosdir
: Create a shared directory
touch /westosdir/file1
: Create files
semanage fcontext -a -t samba_share_t '/westosdir(/.*)?'
: Modify the SELinux security context of the shared directory
restorecon -RvvF /westosdir
: Refresh
cp /etc/samba/smb.conf.example /etc/samba/smb.conf
: Copy template file
vim /etc/samba/smb.conf
: Add a shared directory
# Share name (smb.conf comments must be on their own line)
[LEE]
# Share description
comment = westos dir
# Shared path
path = /westosdir
systemctl restart smb.service
: Restart service
- Access shared files on the client:
smbclient //<server_IP>/<share_name> -U <samba_username>
: List the shared files provided by the specified IP
mount -o username=<samba_username>,password=<password> //<server_IP>/<share_name> <mount_directory>
: Mount the file system
6.2 Shared system directory (you cannot directly modify the security context)
vim /etc/samba/smb.conf
: Modify the shared directory to the system directory
# Share name (smb.conf comments must be on their own line)
[LEE]
# Share description
comment = westos dir
# Shared path
path = /mnt
setsebool -P samba_export_all_ro on
: Modify the bool value (allow read sharing)
getsebool -a | grep samba
: Query the bool value of Samba
systemctl restart smb.service
: Restart service
- Access shared files on the client:
smbclient //<server_IP>/<share_name> -U <samba_username>
: List the shared files provided by the specified IP
- Restore server-side settings
7. samba common configuration parameters
- Server side:
chmod 777 <shared_directory>
: Modify shared directory permissions
vim /etc/samba/smb.conf
: Add or modify parameters
systemctl restart smb.service
: Restart service
- Client test:
mount -o username=sdsnzy1,password=sdsnzy1 //192.168.43.101/LEE /mnt/
7.1 All users can write
writable = yes
- Failed to create a file after the client is mounted!
- Modify permissions and configuration files on the server side, restart the service
- Client test: remount and write!
7.2 Writable by designated users
write list = users
- Modify the configuration file on the server side and restart the service!
- Client remount test:
7.3 Specified group can be written
write list = @User or +User
- Modify the configuration file on the server side and restart the service! (Add sdsnzy1 as an additional group of sdsnzy2, restore after the experiment is completed)
- Client remount test:
7.4 Designated access user
valid users = users
- Modify the configuration file on the server side and restart the service!
- Client remount test:
7.5 Specify Access Group
valid users = @User or +User
- Modify the configuration file on the server side and restart the service! (Add sdsnzy1 as an additional group of sdsnzy2, restore after the experiment is completed)
- Client remount test:
7.6 Whether to hide sharing
browseable = no: Do not show sharing
browseable = yes: Show sharing (default)
- When server-side settings do not show sharing, restart the service and client-side test:
- When the server-side setting shows the sharing, restart the service, and the client-side test:
7.7 Allow anonymous users to access
map to guest = bad user : Global settings (add in [global])
guest ok = yes: Set in the share name
- Modify the configuration file on the server side and restart the service!
- Client anonymous mount test:
mount -o username=guest //192.168.43.101/LEE /mnt
: Anonymous mount
7.8 Designated host access (whitelist)
hosts allow = 192.168.43.111: Only this host can access (multiple host IPs are separated by spaces)
hosts allow = 192.168.43.: Only the hosts under this network segment can access (for example, 192.168.43.38; 192.168.43.183, etc.)
7.9 Designated host access (blacklist)
hosts deny = 192.168.43.111: Only this host is forbidden to access (multiple host IPs are separated by spaces)
hosts deny = 192.168.43.: Prohibit access to hosts under this network segment
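The parameters in sections 7.1 to 7.8 can be checked together per share. The following is an added example, not part of the original article: a small auditor that reports shares left open by `guest ok`, `writable` without `write list`, or missing `valid users` / `hosts allow`. The helper names and the `[LEE-restricted]` share are assumptions, and the sample config is constructed.

```shell
# Added example (not from the original article); helper names are hypothetical.
audit_smb_conf() {
    awk '
    function yes(v) { return v == "yes" || v == "true" || v == "1" }
    function report() {
        if (share == "" || tolower(share) == "global") return
        if (guest)             print share ": guest ok admits unauthenticated clients"
        if (rw && !wlist)      print share ": writable with no write list"
        if (!valid && !guest)  print share ": no valid users restriction"
        if (!hosts && !ghosts) print share ": no hosts allow restriction"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comment and blank lines
    /^[ \t]*\[/ {                               # start of a [section]
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = rw = wlist = valid = hosts = 0; next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guest ok" || key == "public")          guest = yes(val)
        else if (key ~ /^(writable|writeable|write ok)$/)  rw = yes(val)
        else if (key == "read only")                       rw = !yes(val)
        else if (key == "write list")                      wlist = (val != "")
        else if (key == "valid users")                     valid = (val != "")
        else if (key == "hosts allow" || key == "allow hosts") {
            if (tolower(share) == "global") ghosts = 1; else hosts = 1
        }
    }
    END { report() }
    ' "$@"
}
# Constructed sample: [LEE] with 7.1 and 7.7 applied, next to a share
# restricted with 7.2, 7.4 and 7.8.
sample_conf() {
    cat <<'EOF'
[global]
    map to guest = bad user
[LEE]
    writable = yes
    guest ok = yes
[LEE-restricted]
    writable = yes
    write list = sdsnzy1
    valid users = sdsnzy1
    hosts allow = 192.168.43.111
EOF
}
sample_conf | audit_smb_conf
```

On a server, run it as `audit_smb_conf /etc/samba/smb.conf`; a `hosts allow` in `[global]` is treated as covering every share.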
8. Samba+autofs auto mount and unmount
autofs: software that implements automatic mounting and unmounting on the client.
mount is used to mount file systems, either at boot or after the system has started. Local fixed devices such as hard disks can simply be mounted with mount, while file systems such as CDs, floppy disks, NFS and SMB are dynamic, that is, they only need to be mounted when they are used. For optical drives and floppy disks we generally know when they need to be mounted, but for NFS and SMB shares we generally cannot know in time when they can be mounted. The autofs service provides this function: like the automatic opening of the optical drive in Windows, it mounts a dynamically loaded file system on demand and removes the trouble of manual mounting. Dynamic automatic mounting of CD-ROMs, floppy disks and so on requires the relevant configuration.
8.1 Autofs client installation
dnf install autofs -y
8.2 Client configuration
vim /etc/auto.master
: Edit the configuration file
/mnt /etc/auto.samba
Parent directory of the final mount point / custom sub-policy (map) file
vim /etc/auto.samba
: Edit the automatically defined sub-policy file
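samba -fstype=cifs,username=<user>,password=<password> ://<server_IP>/<shared_directory>
Final mount point / mount options / resource to mount
vim /etc/autofs.conf
: Modify the default unmount timeout
# Automatic unmount time, default is 300 seconds
timeout = 3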
systemctl restart autofs.service
: Restart service
8.3 Client test
cd /mnt/samba
: Enter the mount point directory
df
: Found that it has been automatically mounted
cd
: Exit the mount point directory; after 3s (once the resource has been idle for the timeout) the mounted resource is automatically unmounted
df
: After 3s, it is found that the mount has been automatically removed
9. Samba multi-user mount (cifs)
If you use the normal mounting method on the client, users who have not authenticated can also access the samba service, which is not safe.
With a multi-user mount, only authenticated users can mount.
9.1 Install samba authentication tool on client
dnf search cifs
: Search
dnf install cifs-utils.x86_64 -y
: Install
9.2 Client configuration
vim /root/smbauth
: Create and edit the password file of the mount user
username=sdsnzy1
password=sdsnzy1
vim /etc/auto.master
: Edit the configuration file
/- /etc/auto.cifs
Parent directory of the final mount point / custom sub-policy (map) file
vim /etc/auto.cifs
: Edit the automatically defined sub-policy file
/samba -fstype=cifs,credentials=/root/smbauth,sec=ntlmssp,multiuser ://192.168.43.101/LEE
credentials=/root/smbauth # Specify the credentials file (the password file edited in the first step)
sec=ntlmssp # Specify the authentication type
multiuser # Support multiple users
systemctl restart autofs.service
: Restart service
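The map in section 8.2 stores the password inline, while the one above points to a credentials file, which only helps if that file is not readable by other local users. The following is an added example, not part of the original article: a check over an autofs map for both cases. `audit_automap` and `make_sample` are hypothetical helpers and all file contents are constructed in a temporary directory.

```shell
# Added example (not from the original article); helper names are hypothetical.

# audit_automap MAPFILE: flag inline passwords and credentials files that
# group or other can access.
audit_automap() {
    while read -r key opts loc; do
        case $key in ''|'#'*) continue ;; esac
        case ",$opts," in
            *,password=*) echo "$key: password stored inline in the map" ;;
        esac
        cred=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^credentials=//p')
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "$key: credentials file $cred not found"
        else
            case $(ls -ld "$cred") in
                ????------*) ;;                  # no group or other permission bits
                *) echo "$key: $cred is accessible to group or other" ;;
            esac
        fi
    done < "$1"
}

# make_sample DIR: one map in the style of section 8.2, one in the style of
# section 9.2, with the credentials file created under umask 022 (mode 0644).
make_sample() {
    ( umask 022
      printf 'username=sdsnzy1\npassword=sdsnzy1\n' > "$1/smbauth"
      printf 'samba -fstype=cifs,username=sdsnzy1,password=sdsnzy1 ://192.168.43.101/LEE\n' > "$1/auto.samba"
      printf '/samba -fstype=cifs,credentials=%s,sec=ntlmssp,multiuser ://192.168.43.101/LEE\n' "$1/smbauth" > "$1/auto.cifs" )
}

dir=$(mktemp -d)
make_sample "$dir"
audit_automap "$dir/auto.samba"      # reports the inline password
audit_automap "$dir/auto.cifs"       # reports the 0644 credentials file
chmod 600 "$dir/smbauth"
audit_automap "$dir/auto.cifs"       # no findings once the file is 0600
rm -rf "$dir"
```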
9.3 Client authentication
cifscreds add -u <samba_user> <server_IP>
: Add authentication
cifscreds clearall
: Clear all authenticated users
cifscreds clear -u <samba_user>
: Clear the specified authenticated user
cifscreds update -u <samba_user>
: Update authentication
Experiment:
su - kiosk
: Switch to normal user
ls -l /mnt
: Unable to view
cifscreds add -u sdsnzy1 192.168.43.101
: Add authentication
- Can view and create files
- Switch to other ordinary users: without authentication they cannot view, very safe!!!