I. Introduction to Samba
Samba is a free software implementation of the SMB protocol for UNIX and Linux systems. It consists of server and client programs.
SMB (Server Message Block) is a communication protocol for sharing files and printers on a LAN; it provides shared access to files, printers and other resources among the computers on the LAN. SMB is a client/server protocol: through it, clients can access shared file systems, printers and other resources on a server. With "NetBIOS over TCP/IP" configured, Samba can share resources not only with hosts on the local network but also with computers around the world.
CIFS (Common Internet File System) is the protocol used for sharing between Windows hosts. Samba implements this protocol, which makes file sharing and related services between Linux and Windows possible.
Samba features:
File and printer sharing, enabling online editing
Samba user login authentication
NetBIOS name resolution
Sharing of peripheral devices
II. The Samba service
1. Related packages
samba: provides the smb service
samba-client: client software
samba-common: common software
cifs-utils: smb client tools
samba-winbind: AD-related
2. Service processes
smbd: provides the SMB (CIFS) service; listens on TCP ports 139 and 445
nmbd: provides NetBIOS name resolution; listens on UDP ports 137 and 138
3. Configuration files
Main configuration file: /etc/samba/smb.conf (see man smb.conf for help)
Syntax check: testparm [-v] [/etc/samba/smb.conf]
Client tools: smbclient, mount.cifs
The smb.conf configuration file (lines beginning with # or ; are comments; names are not case-sensitive):
[global]    # global settings
workgroup = name    # the workgroup name
server string = string    # host comment (description) string
netbios name = name    # the NetBIOS name
interfaces    # the interfaces and IP addresses the service listens on
hosts allow = hosts    # hosts allowed to access; by default all hosts are allowed; separate entries with commas, spaces or tabs, e.g. hosts allow = 172.16. .example.com
hosts deny = hosts    # deny access to the specified hosts
config file = /etc/samba/conf.d/%U    # a separate configuration file per user
log file = /var/log/samba/log.%m    # a separate log file for each client
log level = 2    # log level; the default is 0, no logging
max log size = 50    # rotate the log file when it reaches 50 KB; the unit is KB
security: three authentication modes:
share: anonymous (no longer supported on CentOS 7)
user: Samba user (based on a Linux user, with a separate Samba password)
domain: authentication by a DC (domain controller)
passdb backend = tdbsam    # password database format
[homes]    # share of the users' home directories
[printers]    # defines printer resources and services
[sharename]    # configuration of a custom shared directory
[share name]    # the share name seen over the network
comment    # comment information
path    # path of the shared directory
public    # whether the share can be accessed by guest; default is no; similar to guest ok
browsable    # whether all users can browse this share; default is yes; no hides it
writable = yes    # all users can read and write; default is no
read only = no    # equivalent to writable = yes; if it conflicts with the setting above, the later setting takes effect; the default is read-only
write list    # three forms: user, @group name, +group name; used together with writable = no: users or groups in the list can read and write, users not in the list are read-only
valid users    # only the specified users can access the share; if empty, all users are allowed; user names are separated by spaces
Macro definitions:
%m    NetBIOS name of the client host
%H    path of the current user's home directory
%g    group the current user belongs to
%L    NetBIOS name of the samba server
%T    current date and time
%M    FQDN of the client host
%U    user name of the current user
%h    host name of the samba server
%I    IP address of the client host
%S    user name that can log in
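The interaction of writable, read only, write list and valid users described above can be checked mechanically. The following Python sketch is an added example, not part of the original page and not Samba's own code: it resolves each share's effective access using the "later setting wins" rule and flags shares that guests can write to or that have no valid users restriction. SAMPLE_CONF is constructed; [smbshare] mirrors the share built later on this page and [scratch] is hypothetical.

```python
# Added example (not from the original page). SAMPLE_CONF is constructed:
# [smbshare] mirrors this page's share, [scratch] is a hypothetical risky one.
SAMPLE_CONF = """\
[smbshare]
writeable = no
write list = @smbgroup
[scratch]
read only = yes
writable = yes
guest ok = yes
"""

def parse_shares(text):
    """Return {section: [(key, value), ...]}, keeping option order."""
    shares, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            # names are case-insensitive; whitespace inside them is ignored
            current.append(("".join(key.lower().split()), value.strip()))
    return shares

def effective_access(options):
    """Resolve one share's access; a later conflicting option wins."""
    acc = {"read_only": True, "guest": False, "writelist": [], "validusers": []}
    for key, value in options:
        flag = value.lower() in ("yes", "true", "1")
        if key in ("readonly", "writable", "writeable"):
            # writable/writeable are inverted synonyms of read only
            acc["read_only"] = flag if key == "readonly" else not flag
        elif key in ("guestok", "public"):
            acc["guest"] = flag
        elif key in ("writelist", "validusers"):
            acc[key] = value.replace(",", " ").split()
    return acc

def audit(text):
    """Flag shares guests can write to or that every Samba user can open."""
    findings = []
    for name, options in parse_shares(text).items():
        if name in ("global", "homes", "printers"):
            continue
        acc = effective_access(options)
        if acc["guest"] and not acc["read_only"]:
            findings.append((name, "guest-writable"))
        if not acc["validusers"]:
            findings.append((name, "open to every Samba user"))
    return findings
```

For the page's [smbshare] the audit reports that any Samba user can connect (read-only), which matches the smbuser2 test at the end of the page; only members of @smbgroup can write.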
4. Samba user management
Creating Samba users requires the samba-common-tools package. A Samba user must be a Linux user; /sbin/nologin is recommended as the login shell.
[root@centos7 ~]# yum install -y samba-common-tools
Add a samba user
smbpasswd -a <user>
pdbedit -a -u <user>
Change a password
smbpasswd <user>
Delete a user and password
smbpasswd -x <user>
pdbedit -x -u <user>
View the samba user list
/var/lib/samba/private/passdb.tdb
pdbedit -L -v
View the samba server status
smbstatus
5. SMB client access
1. UNC path (Universal Naming Convention), format: \\sambaserver\sharename
2. Log in to the server from a terminal using smbclient
smbclient -L instructor.example.com
smbclient -L instructor.example.com -U smbuser
smbclient //instructor.example.com/shared -U smbuser
The password can be given with -U user%password, or by setting and exporting the environment variables USER and PASSWD.
6. Mounting a CIFS file system
1. Mount manually
mount -o user=smbuser,password=centos //server/shared /mnt/smb
2. Mount automatically at boot
cat /etc/fstab    # the user name and password can be replaced with a credentials file
//server/shared /mnt cifs credentials=/etc/smb.txt 0 0
For example: //192.168.214.17/smbshare /mnt/smbshare cifs credentials=/etc/smb.txt 0 0 (on CentOS 6 the mount option sec=ntlmssp must be added)
cat /etc/smb.txt
username=smbuser
password=centos
chmod 600 /etc/smb.txt
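The credentials file only protects the password if the chmod 600 step is actually applied and no entry still carries password= inline, since /etc/fstab is world-readable. The following Python sketch is an added example, not part of the original page: it audits the cifs lines of an fstab for both problems. The fstab text and credentials files in demo() are constructed in a temporary directory; pass and cred are the short aliases mount.cifs accepts for password and credentials.

```python
# Added example (not from the original page). The fstab text and the
# credentials files in demo() are constructed in a temporary directory.
import os
import stat
import tempfile

def audit_cifs_fstab(fstab_text):
    """Return (mount point, problem) pairs for the cifs lines of an fstab."""
    problems = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or line.lstrip().startswith("#") or fields[2] != "cifs":
            continue
        # "a=b,c" -> {"a": "b", "c": ""}
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        if "password" in opts or "pass" in opts:
            # /etc/fstab is world-readable, so every local user sees this
            problems.append((fields[1], "password inline in fstab"))
        cred = opts.get("credentials") or opts.get("cred")
        if not cred:
            continue
        try:
            mode = stat.S_IMODE(os.stat(cred).st_mode)
        except OSError:
            problems.append((fields[1], "credentials file missing"))
            continue
        if mode & 0o077:                      # any group/other permission bit
            problems.append((fields[1], "credentials file mode %03o" % mode))
    return problems

def demo():
    """Build one good and two bad entries and audit them."""
    d = tempfile.mkdtemp()
    paths = {}
    for name, mode in (("ok.txt", 0o600), ("loose.txt", 0o644)):
        paths[name] = os.path.join(d, name)
        with open(paths[name], "w") as f:
            f.write("username=smbuser\npassword=centos\n")
        os.chmod(paths[name], mode)           # chmod 600 vs. a forgotten chmod
    fstab = (
        "//server/shared /mnt/a cifs credentials=%s 0 0\n" % paths["ok.txt"]
        + "//server/shared /mnt/b cifs credentials=%s 0 0\n" % paths["loose.txt"]
        + "//server/shared /mnt/c cifs username=smbuser,password=centos 0 0\n"
    )
    return audit_cifs_fstab(fstab)
```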
III. Implementing an SMB share
1. Experimental environment
System: CentOS 7.6
Hosts: one server (192.168.214.17), one client (192.168.214.27)
Software: samba (server side), cifs-utils (client), yum repository from the installation disc
2. Implementation process
1. Install the samba package on the server
[root@centos7 ~]# yum install -y samba
2. Create samba users and groups
[root@centos7 ~]# yum install -y samba-common-tools    # this package is needed to create samba users
[root@centos7 ~]# groupadd -r smbgroup
[root@centos7 ~]# useradd -s /sbin/nologin -G smbgroup smbuser1
[root@centos7 ~]# smbpasswd -a smbuser1
[root@centos7 ~]# useradd -s /sbin/nologin smbuser2
[root@centos7 ~]# smbpasswd -a smbuser2
3. Create the samba shared directory and set SELinux
[root@centos7 ~]# mkdir /data/smbshare
[root@centos7 ~]# chgrp smbgroup /data/smbshare
[root@centos7 ~]# chmod 2775 /data/smbshare
# The following are the SELinux settings; they are not needed if SELinux is off
[root@centos7 ~]# semanage fcontext -a -t samba_share_t '/data/smbshare(/.*)?'
[root@centos7 ~]# restorecon -vvFR /data/smbshare
4. Samba server configuration
[root@centos7 ~]# vim /etc/samba/smb.conf
# In the [global] section, set the following two options; if they are already the defaults, leave them unchanged
security = user
passdb backend = tdbsam
# The following is the custom share configuration
[smbshare]
path = /data/smbshare
writeable = no
write list = @smbgroup
# With writeable = no, only users in the smbgroup group have write permission
5. Start the samba service
[root@centos7 ~]# systemctl start smb nmb
[root@centos7 ~]# systemctl enable smb nmb    # start at boot
# The following are the firewall settings; they are not needed if the firewall is off
[root@centos7 ~]# firewall-cmd --permanent --add-service=samba
[root@centos7 ~]# firewall-cmd --reload
6. Client access test
[root@centos7-27 ~]# yum install -y cifs-utils    # install the package
# Mount and access the smb share as user smbuser1
[root@centos7-27 ~]# mkdir /mnt/smbuser1
[root@centos7-27 ~]# mount -o username=smbuser1 //192.168.214.17/smbshare /mnt/smbuser1
Password for smbuser1@//192.168.214.17/smbshare:  ******    # enter the password
# or: mount -o username=smbuser1,password=centos //192.168.214.17/smbshare /mnt/smbuser1
# Note: when CentOS 6 mounts a CentOS 7 share, the mount option sec=ntlmssp must also be added
# mount -o sec=ntlmssp,username=smbuser1,password=centos //192.168.214.17/smbshare /mnt/smbuser1
[root@centos7-27 ~]# cd /mnt/smbuser1/    # enter the mount directory
[root@centos7-27 smbuser1]# ls    # the share can be accessed
a.txt  initial-setup-ks.cfg
# From the smb.conf settings above, smbuser1 has write permission and smbuser2 does not; this is tested next
[root@centos7-27 smbuser1]# touch b.txt
[root@centos7-27 smbuser1]# ls    # smbuser1 succeeded
a.txt  b.txt  initial-setup-ks.cfg
# Mount and access the smb share as user smbuser2
[root@centos7-27 ~]# mkdir /mnt/smbuser2
[root@centos7-27 ~]# mount -o username=smbuser2,password=centos //192.168.214.17/smbshare /mnt/smbuser2
[root@centos7-27 ~]# cd /mnt/smbuser2/
[root@centos7-27 smbuser2]# ls    # the mount succeeded
a.txt  b.txt  initial-setup-ks.cfg
[root@centos7-27 smbuser2]# touch c.txt    # no write permission
touch: cannot touch 'c.txt': Permission denied