http://27068627.blog.hexun.com/100804521_d.htm
Learn some basics first.
At the heart of samba are two daemons, the smbd and nmbd programs, that run continuously between server startup and shutdown.
All configuration information used by Smbd and nmbd is stored in the smb.conf file. Smb.conf tells the smbd and nmbd daemons what to output to share,
to whom and how to share the output. The role of the Smbd process is to handle incoming SMB packages,
negotiating with Linux to use the package's resources, and the nmbd process enables other hosts (or workstations) to browse the Linux server.
If you use rpm to install, you can start samba without service smb start, but with service nmbd start and service smbd start.
In the smb.conf file, the comment line starts with "#", and each Chinese and English letters are case-insensitive. Add
"\" at the end of the last character of a line to divide a line into multiple lines. Lines starting with ";" are the configuration that can be changed. When the ";" is removed, the configuration will take effect.
[global] (the setting of global parameters, it has a great influence on the function of samba, mainly used to set the whole system rules.
workgroup= this is your domain in windows.
server string= this is to see you in windows Explanation of samba.
netbios name = preferably your machine name, if you uncomment the sentence, the default is your LINUX machine name, however, it is best to fill in
dos charset=cp936
unix charset=cp936 plus this Two sentences can display Chinese correctly.
hosts allow List of linux-samba hosts allowed to log in. It is given by IP address. Multiple IP addresses are separated by spaces. Hosts not in the list will not be able to get the services provided by samba, which is also an aspect of network security.
printcap name Specifies the address of the printcap file, usually /etc/printcap, which contains the configuration information of the linux printer.
When load printers allows the use of shared printers, the default is yes.
printing If the printer used is non-standard, the printer system type should be indicated.
log file = /usr/local/samba/var/log.%m
max log size = 0
The above two lines are the relevant definitions of Samba logs. The location of the record file is /var/log/samba/%m.log. The installation directory is different, and the log is different. The latter one is to define the size of the log record file, in KB. If it is 0, it will not be. size limit.
guest acount The guest account, indicating which Linux user is used as the desired client connection, defines the default user account of Samba, which must be in /etc/passwd.
security Specifies the security mode. Most users use user-level security mode, and samba authenticates with a local linux password file.
security = security_level
defines the security level of Samba, which is divided into four levels from low to high: share, user, server, domain. Their corresponding authentication methods are as follows:
share: no security level, any user can access resources on the server without a username and password.
user: The default configuration of samba requires users to provide a user name and password for authentication before accessing a shared resource.
server: Similar to the user security level, but the username and password are submitted to another server for verification, such as an NT server. If the submission fails, it will fall back to the user security level.
domain: This security level requires that there is a Windows primary domain controller on the network, and samba submits the username and password to it for verification.
The latter three security levels all require the user to have a system account on the linux machine. Otherwise, it is inaccessible
smb passwd file=/etc/samba/smbpasswd (set the location of the smb password file)
username map =/etc/smbusers
encrypt passwords =no When using plaintext password verification, if it is encrypted, change it to yes
I remember one day in a month, I made a decision to install any package using only source code, not rpm. Although it is very troublesome, it is somewhat helpful to understand the internals of linux.
First, we create a document, install and configure samba, and write tutorials.
Download the latest source package of samba from www.samba.org. I downloaded samba-3.0.7.tar.gz and put it under /root/lova/samba in my directory.
tar -zxvf samba-3.0.7.tar.gz Unzip to get samba-3.0-7
cd samba-3.0.7
cat README Read the instructions first, but unfortunately the E text is too bad, I don’t understand it well, just install it directly.
find . -name configure
./source/configure is originally hidden in this
cd source/
mkdir /usr/local/samba to create an installation directory
./configure --prefix=/usr/local/samba/ Install to /usr/loca/samba
make && make install
cd /usr/local/samba/ Go to the installation directory to see
ls
bin include lib man private sbin swat var The installation is successful , how come there is no etc directory and smb.conf file, then I will create a
[root--/usr/local/samba]mkdir etc
[root--/usr/local/samba]cp ~/love/samba/samba- 3.0.7/examples/smb.conf.default ./etc/smb.conf
Ok now let's look at our target.
1. There is a shared directory, which can only be read and cannot be changed.
Second, there is a shared directory, anyone can make any changes, including adding directory files, deleting directory files.
3. Each user can see his own home directory, other users can't see it, and of course can't make changes.
4. There is a shared directory, people in group A can make any changes, people in group B can only read it, and people in group C can't see it.
5. Each user can use the printer after logging in. (fail).
Objective 1 Method 1
[root--~]cd /usr/local/samba/etc/
[root--/usr/local/samba/etc]cp smb.conf beifen Make a backup to avoid making mistakes.
Modify smb.conf,
workgroup = MSHOME to the workgroup where your linux is located
security = share open share
add
[read1]
comment = read1
path = /home/read1
public = yes
guest ok = yes
writable = yes
create shared directory
whoami
root
umask
0022
mkdir /home/read1
cd !$
cat >; linux
hi linux
ll /home/read1/
total usage 4
-rw-r--r-- 1 root root 9 October 24 11:20 linux
644
adduser nxgz ; passwd !$ ; create system user
[root-- ~]/usr/local/samba/bin/smbpasswd -a nxgz Add this user as a samba user
Can't load /usr/local/samba//lib/smb.conf - run testparm to debug it What went wrong, It seems that there is no smb.conf under lib, then I will add it
[root--~]cp /usr/local/samba/etc/smb.conf /usr/local/samba/lib/
[root--~]/usr/local/samba/bin/smbpasswd -a nxgz Add samba user successfully
New SMB password:
Retype new SMB password:
startsmbfilepwent_internal: file /usr/local/samba//private/smbpasswd did not exist. File successfully created.
Added user nxgz.
[root--~]service iptables stop
Clear all chains: [OK]
Delete user-defined chains: [OK]
Reset built-in chains to default "ACCEPT" policy: [OK]
[root--~]service network restart
is shutting down interface eth0: [OK]
Shutting down loopback interface: [OK]
Setting network parameters: [OK]
Popping loopback interface: [OK]
Popping up interface eth0: [OK]
[root- -~]/usr/local/samba/sbin/smbd -D Start two processes of samba
[root--~]/usr/local/samba/sbin/nmbd -D go
to win-xp, open the computer, Find the address, enter \\linux host name, you can find the shared directory read, success.
Method 2
Add the following at the end of smb.conf
[read2]
comment = read2
path = /home/read2
public = yes
read only = yes
mkdir /home/read2 ; cd !$ ; cat >; linux ; chmod -R 777 /home/read2 ; create shared directory and modify permissions
then
service iptables stop
service network restart
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
under win-xp we cannot see our shared read2.
There may be a problem with smb.conf, let's check it with the testparm tool.
[root--~]testparm
bash: testparm: command not found No full path entered.
[root--~]/usr/local/samba/bin/testparm
Load smb config files from /usr/local/samba//lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[read]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
is that there is no read2, let's take a closer look at the first line, Load smb config files from /usr/local/samba//lib/smb.conf, it seems that the testpart tool is based on The smb.conf under lib/smb.conf is completely different from the smb.conf under etc. Because we added read2, we can copy and overwrite it
cp -f /usr/local/samba/etc/ smb.conf /usr/local/samba/lib/
then
service iptables stop
service network restart
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
can return to win-xp Found, haha, well, although its permission is 777, it is controlled by read only and cannot be deleted or added.
Objective 1 is successful
. Because every time we modify /usr/loca/samba/etc/smb.conf, we have to
cp -f /usr/local/samba/etc/smb.conf /usr/local/samba/lib/
and then
service iptables stop
service network restart
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
we can write a shell
emacs samba.sh
cp -f /usr/local/samba/etc/smb.conf /usr /local/samba/lib/
service iptables stop
service network restart
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D After
modification, you can start
1, sh samba.sh
2 , sh < samba.sh
3, chmod 777 samba.sh
mv samba.sh ~/bin
samba.sh
These three methods are fine.
Goal 2, the
above remains the same, add
[write]
comment = write
path = /home/write
public = yes
guest ok = yes
writable = yes at the end of smb.conf
mkdir /home/write ; cd /home/write ; cat >;linux ; chmod -R 777 /home/write/ ;sh < samba.sh to create a shared directory file, open permissions, restart the service
to the read directory under win-xp Can read, can delete, add, change the original file in write, target 2 is completely correct. Let's try the Chinese problem again. Open the write directory of linux under win-xp, find and edit linux, add Chinese, and create a Chinese directory under the write directory. Let's go back to linux to see if the result can display Chinese normally. As a result, the Chinese of linux can be displayed normally, and the Chinese directory is garbled. Think about how to solve it. Add dos charset=cp936 unix charset=cp936
in [global] of smb.confr I added it to the following of security = share, open write in win-xp and add the Chinese directory, go back to linux and see that the Chinese target can be correctly identified 3. Create several more samba users. adduser sambau001 ; passwd !$ ; /usr/local/samba/bin/smbpasswd -a sambau001 Use the above method to add sambau002 and sambau003 users to su to these users respectively, add the file linux, then modify smb.conf and change security = to user , please restart win this time, because the user is added, then you can enter the user and password, and you can see your own directory. My home is as follows [homes] comment = home
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
Enter with a user, create a file and a directory under win-xp, create another file in the directory, and use this user to enter yourself in linux You can see the file directory created just now, the file permissions conform to 664, and the directory permissions conform to 775.
Goal 3 was successful.
Goal 4,
create 3 groups
groupadd sambag001 ; groupadd sambag002 ; groupadd sambag003
usermod -g sambag001 sambau001 ; usermod -g sambag002 sambau002 ;
mkdir share; cd share/; cat >; linux ; chmod -R 777 /home/share/ open permissions, controlling it in smb.conf
requires user r in group sambag001, user rw in group sambag002, and user r in group sambag003 User no
add the following
[share]
comment=share
path=/home/share
public=no
valid users=@sambag001, @sambag002 in smb.conf
invalid users = @sambag003
write list = @sambag002
and try it under win-xp, if it is
not listed successfully, you cannot enter.
Among them, only the r authority is listed with valid userd. If a ; sign is added before the write list, then the users in sambag001 and sambag002 can only be viewed.
Wherein [] is the specified share name, which is generally the name of the folder that can be seen in Network Neighborhood.
comment refers to a comment on the change share.
path specifies the shared path
allow hosts and deny hosts are the same as the previous global settings and will not be mentioned here.
writeable specifies whether the directory is writable by default.
User sets all the users who may use the shared resource. You can also use @group to represent all members of the group, and separate items with spaces or commas.
valid users specifies the users and groups that can see the shared resource.
invalid users specifies users and groups that cannot see the shared resource.
read list Specifies users and groups that can only read the shared resource.
write list specifies the users and groups that can read and write the shared resource.
admin list specifies the users and groups that can manage the shared resources (including read and write and permission grants, etc.).
public indicates whether the shared resource can be accessed by the guest account. This switch is sometimes called guest ok, so guest ok = yes in some configuration files is actually the same as public = yes.
create mode specifies the attributes of the newly created file, usually 0755.
directory mode specifies the attributes of the newly created directory, usually 0755.
force user forces who is the owner of the created file. If I have a directory that the guest can write to, then the guest can delete it. If I use force user=grind to force the owner of the created file to be grind, and limit create mask = 0755, the guest cannot delete it.
browseable Specifies whether other users can browse the user's home directory. Of course, it is not allowed, so it is set to no.
When writable enables the user to read and write files in the home directory when accessing the directory, the value is yes, and it should be set to no when only the read permission is allowed.
Xp access linux successfully, try again linux access xp
use #smbclinet "\\\\nxgz\ shared directory name"
to log in to the windows host nxgz like telnet or ftp, when you are asked to enter the password, enter the password.
Then smb:\>; appears
because the source code installation of the following tool command is unsuccessful. {{
smbmount //test/share /pub linux mounts the windows directory
mount -t smbfs -o username=windows host login name, password=corresponding password //PC-NAME/SHARE-DIR /mnt/tmp
smbmount //testsamba/ pub pub linux is shared with linux
Add the corresponding directory and user
1, add users one by one,
log in as the root user, add a Linux user, and set a password:
adduser smbuser
passwd smbuser
Add the user smbuser to the Samba server user and set the password:
smbpasswd -a smbuser
2, add all users in the system #vi
/etc/passwd (delete some users you don’t need or you don’t know)
# cat / etc/passwd │ mksmbpasswd.sh >; /etc/samba/smbpasswd (add the linux local user to the smb user)
#smbpasswd test (set the smb access password of the test user)
#/etc/rc.d/init. d/smb restart (restart samba)
3, add a part
#smbadduser linuxname:2000name #Add
users to specify password for each user with smbpasswd, the format is as follows: (must be Root)
smbpasswd userid:passwd userid2:passwd2 ...... }}