Fedora core / Redhat Linux packages provided
samba samba server package
samba-client samba client tools
samba-common common tools and database
Rpmdb-fedora/rpmdb-redhat installation package (usually in the third CD-ROM)
But have been unable to find the package FC5
Installed rpmdb-dependent problem can be solved
# rpm-ivh rpmdb-fedora *. rpm
# rpm-ivh - aid samba *. rpm installed rpmdb valid
1. # Rpm-ivh cups-libs *. rpm first CD-ROM
2. # Rpm-ivh samba *. rpm discs first (client, common)
3. # Rpm-ivh samba *. rpm second CD-ROM
# rpm-qa | grep samba view a list of all packages
# rpm-ql samba | more inquiry into the list of a software
samba client tools
smbtree
Role: show all of the shared local area network host and a directory listing (default use the current user login)
Usage: smbtree [-b] [-D] [-U username% password]
-D Working Group that show only, and do not show host
-b Use broadcast query list, do not have WINS server
-D and-U can not be shared, because a user can not log in using the same domain on all hosts
nmblookup
Role: show a host name host nethios
nmblookup my-server query server IP
nmblookup \ * query all the activities of the host IP
smbclient
Role: show / log LAN shared folder
Usage: smbclient-L host
smbclient / / host / share
smbclient-L 192.168.0.22-U redhat% redhat by redhat users to log in and show the shared directory
smbclient / / 192.168.0.22/linux-U redhat% redhat
Log directory, see directory content, through put, get on the downloaded file
smbtar (have to modify / usr / bin / smbtar order, the last line of the parameter-N Anonymous login deleted)
Neighbor remote backup files online
smbtar-s win2000-u redhat-p redhat-x chinalab-t itlab.tar
Shared directory will be mounted to a local directory, and then visit
mount.cifs / / 192.168.0.22/linux / mnt-o username = redhat% redhat
tar tvf lab.tar show documents to back up bag
samba server configuration
1. Modify configuration file / etc / samba / smb.conf
workgroup = WORKGROUP
security = share
[docs]
path = / usr / share / doc
comment = share documents # Note shared directory
public = yes
2. Restart smb server
# service smb restart
# chkconfig smb on let smb start automatically every time
3. Test
# smbclient-L localhost
chkconfig smb-list view the service start-up state
SMB to provide the name of interpretation services
NMB to provide data transmission services
The two always work together
samba file server
(WINS) in the My Network Places do not see the host list, you can directly enter the IP address field, such as \ \ 192.168.0.1 view shared directory
My Network Places to see list of hosts, there are three main sources, one configuration file lmhosts, host name and IP of the correlation between
Second, Third, the server by browsing through the list of radio hosts access to
linux Access Network Places
1. Mount method
# mount-t smbfs / / 192.168.0.1/linux / mnt
Or # mount.cifs / / 192.168.0.1/linux / mnt
2. # Smbclient / / 192.168.0.1/linux-U redhat% 123
Access Control
public = yes to allow access for all
= No does not allow anonymous access
1. To share a valid user directory settings
[redhat]
path = / var / redhat
comment = redhat's files
valid users =
2. To create samba user
# useradd username create a new user
# smbpasswd-a username will be added to the samba users in
3. User account mapping
[global]
username map = / etc / samba / smbusers
4. Smbusers modify documents specified above, add the virtual user name
redhat = tom jack
Directly with the following command:
# smbuseradd unixname: mapname
5. Need to restart the smb service mapping file to read
HOME directory (for user access to the user's own home directory)
[global]
[homes]
comment = Home Directories
validusers =% S% S is the main directory
browseable = no default not allowed to visit the home directory
writable = yes to allow write
valid users = valid user list
write list = user list can be written
create mask = 0660 the definition of the default permissions to create files
directory mask = 0770 the definition of the default permissions to create directories
chown redhat / var / redhat directory is the main change
ls-lh show all files directory for more information
ls-ld / usr / redhat directory itself only shows the details of
# testparm test configuration of the correctness of the default smb.conf file
# testparm / etc / samba / smb.conf my-server 192.168.0.1
Test customers access the server which function directory
[redhat]
path = / var / redhat
comment = redhat's files
public = no
valid users =
write list =
create mask = 0660
directory mask = 0770
Note: All requests to visit the client identity will be mapped in the server-side log into account the identity of
samba configuration file
/ etc / samba / smb.conf
[global]
workgroup = WORKGROUP group or domain
server string = samba server server description
netbios name = redhat designated samba server name
security = share / user / server share without user authentication, user to verify
; password server =
Security = server and need to use
log file = / var / log / samba / log.% m% m refers to the client's netbios name, the log classification based on client name
encrypt passwords = yes
Encrypted password, windows client password in general the use of encryption, so for the yes. If we do not express the direct use of encrypted passwords, can be changed to no, but the windows client to modify the registry to be designated non-encrypted
smb passwd file = / etc / samba / smbpasswd
To use the above two!
include = / etc / samba / smb.conf.% m contains an external configuration file, for example, depending on the client name, the definition of the shared resources of different
; interfaces = 192.168.0.0/24 samba application interface in which, by default all network cards in all the interface
; name resolve order = wins lmhosts bcaast name to explain the order of
; wins support = yes itself as WINS server and made available to client inquiries
; wins server = wx.yz and use WINS as a WINS server, the request will be sent to wxyz
/ etc / samba / lmhosts file (to preserve the client IP and name of the correlation between)
The left side of the right of the name of IP
127.0.0.1 localhost
wins support, wins server can not use
itself as a wins server that the client, and specify a wins server IP
samba security level
[global]
security =
1.share
windows users do not need a list of certification will be able to access shared
2.user
need windows client to enter a user name to access the share list, the server need to establish a user account
3.server
Clients need to enter the legitimate users have access to help, but the certification process in another server, user account stored in the authentication server.
share, user only effective windows client, linux client in the user-level password can not access a shared list. only the protection of security of the host to share a list of specific access to the directory from the rules directory.
Show host name # hostname
# nmblookup my-server query the host IP (with samba netbios name of the)
See # man smb.conf Help
vi Search Tips:
/% m enter "/" re-enter the string you're looking for
/ redhat like to find "redhat" string
Skip to document shift + G Last
Default DNS server name with the machine the first part of the same
If this Fedora.cyrich.com is the name of samba server is Fedora
Access Control
First, the overall control
[global]
hosts deny = ALL
hosts allow = 192.168.0.
Second, local access control
[docs]
hosts deny = 192.168.0.
hosts allow = 192.168.0.1
[redhat]
hosts allow = 192.168.0.
host deny = 192.168.0.1 (failure)
Allow priority! !
hosts behind the format of the syntax, you can view the help man 5 host.access
1. At the beginning. Edu.cn
2. Point at the end of 192.168.0.
3.192.168.0.0/255.255.255.0
192.168.0.0/24
4.ALL LOCAL UNKNOWN DNS can not resolve the
5. / At the beginning of the designation of a document
6.hosts allow = 192.168.0.0 EXCEPT 192.168.0.1
192.168.0 network segment to allow the host to visit, but other than 192.168.0.1
Skills:
# tail / etc / samba / smb.conf
File the final ten-line
Application Case
Requirements:
1. All employees will be able to flow in the company office, but no matter which computer work, have their data stored in the file samba file server.
2. Marketing Department, Technology Department have their own directory, with a co-owned sector, a shared directory, other departments are on the server can only access their own personal home directory
3. All users on the server does not allow the use of shell
Analysis:
1. The need for samba as a file server for all users to create accounts and directories, by default all users on the server has a home directory, only to see the adoption of certification.
2. The need for Marketing and Technology Group to create a different sales and tech, and the distribution directory, all the marketing group of employees to sales and technical staff into the Department of tech group, and sales through the samba share tect
3. The establishment of user accounts, not the distribution of shell
Case implementation:
1. For all users to create accounts and directories, not the distribution of shell, the assumption that the market there are tom, jack, technology has red, blue, general manager of ceo, financial finance
2. Construction Group sales and tech, all the Marketing Group staff into sales and technical staff into the Department of tect Group
3. To create two directories / home / sales and / home / tech, and modify the two directory permissions, belong to group sales and tect
4. Through the samba share / home / sales and / home / tect
5. Test
If errors, check
/ etc / samba / smbpasswd to determine account
/ etc / samba / smbusers view the map file
tail / var / log / samba / redhat.log See / var / log / samba / log directory
Specific steps:
# vi / etc / samba / smb.conf security level for the user
# groupadd sales
# groupadd tech
# useradd-g sales-s / bin / false tom
# useradd-g sales-s / bin / false jack
# smbpasswd-a tom
# smbpasswd-a jack
# for user in red blue bulk add users red, blue
> do
> Useradd-g tech-s / bin / false $ user
> Smbpasswd-a $ user
> Done
# useradd ceo
# useradd finance
# smbpasswd-a ceo
# smbpasswd-a finance
# mkdir / home / sales / home / tech
# chgrp sales / home / sales
# chgrp tech / home / tech
# chmod 770 / home / sales
# chmod 770 / home / tech
# chmod g + s / home / sales authority to prevent chaos
# chmod g + s / home / tech
# vi / etc / samba / smb.conf
[sales]
path = / home / sales
comment = sales
public = no
valid users = @ sales
write list = @ sales
create mask = 0770 In fact, the effect is that 0760, because the samba server will automatically remove the executable permissions
directory mask = 0770
[tech]
path = / home / tech
comment = tech
public = no
valid users = @ tech
write list = @ tech
create mask = 0770
directory mask = 0770
linux test
1.smbclient-L 192.168.0.22-U tom% tom
2.mount.cifs / / 192.168.0.22/ceo-o username = ceo% ceo
windows client mapping a network drive, and then set the "My Documents" location, you can save the file anywhere in the samba server
0 评论:
发表评论