Samba server configuration under Centos7 (actual combat!)

Samba overview

Samba is a free software to implement the SMB protocol on Linux and UNIX systems, which consists of server and client programs. SMB (Server Messages Block) is a kind of communication protocol that shares files and printers on LAN. It provides file and printer sharing services for different computers in LAN. SMB protocol is a client / server protocol, through which clients can access the shared file system, printers and other resources on the server. By setting "NetBIOS over TCP/IP", samba can not only share resources with LAN hosts, but also with computers around the world.

First, anonymous access to Samba shared services

1. Install Samba service

[root@localhost ~]# yum install samba -y  ##Install Samba service

2. Configure Samba configuration file information

[root@localhost ~]# cd /etc/samba/    ##Switch to Samba profile directory
[root@localhost samba]# mv smb.conf smb.conf.bak   ##backups
[root@localhost samba]# grep -v "#" smb.conf.bak > smb.conf   ##Recreate a profile (uncommented)
[root@localhost samba]# vim smb.conf    ##Modify profile

[global]                                     ##Overall situation
                workgroup = SAMBA
                security = user

                passdb backend = tdbsam

                printing = cups
                printcap name = cups
                load printers = yes
                cups options = raw
                map to guest = Bad User     ##Add this item to enable anonymous user access
##Add the following configuration information from big G to the last line
[myshare]                                     ##Added share file
                path=/opt/abc                       ##Route
                public=yes                            ##Public access
                browseable=yes                   ##Can access
                writable=yes                         ##Write permission
                create mask=0644               ##Setting permissions
                directory mask=0755

3. Create myshare path directory and give permission

[root@localhost samba]# mkdir /opt/abc      ##Create directory
[root@localhost samba]# chmod 777 /opt/abc   ##Give all permissions
[root@localhost samba]# systemctl stop firewalld.service   ##Turn off firewall
[root@localhost samba]# setenforce 0    ##Turn off enhancements
[root@localhost samba]# systemctl start smb.service   ##Start Samba service

4. Access with testing machine

Using test machine to access share

View shared folders

Create a file into a shared folder

Viewing created files in Linux

[root@localhost samba]# cd /opt/abc/   ##View the shared file directory and the created text
[root@localhost abc]# ls
111.txt
[root@localhost abc]# ls -l     ##The anonymous access user of Linux is nobody
//Total dosage 0
-rw-r--r--. 1 nobody nobody 0 11 Month 515:51 111.txt

Second, authentication of Samba shared service

1. Configure Samba configuration file information

[root@localhost ~]# cd /etc/samba/    ##Switch to Samba profile directory
[root@localhost samba]# vim smb.conf    ##Modify profile

[global]
                workgroup = SAMBA
                security = user

                passdb backend = tdbsam

                printing = cups
                printcap name = cups
                load printers = yes
                cups options = raw   ##Remove an entry for anonymous access
##Add the following configuration information from big G to the last line
[test]
                path=/opt/test         ##Shared file directory path
                browseable=yes     ##Can access and remove public items
                create mask=0644
                directory mask=0755
                valid users=zhangsan, lisi      ##Users allowed to access
                write list=zhangsan                ##Users allowed to write

2. Create smb user

[root@localhost samba]# useradd zhangsan      ##Create two users
[root@localhost samba]# useradd lisi
[root@localhost samba]# smbpasswd -a zhangsan   ##Create smb user and set password
New SMB password:       ##Set password
Retype new SMB password:     ##Confirm password
Added user zhangsan.
[root@localhost samba]# smbpasswd -a lisi
New SMB password:
Retype new SMB password:
Added user lisi.
[root@localhost samba]# pdbedit -L    ##List smb users
zhangsan:1001:
lisi:1002:
[root@localhost samba]# cd /opt/    
[root@localhost opt]# mkdir test    ##Create shared directory
[root@localhost opt]# ls
abc  rh  test
[root@localhost opt]# chmod 777 test/   ##Give maximum permission
[root@localhost opt]# systemctl restart smb.service   ##Restart Samba service

3. Use the tester to access the share

To avoid errors, clear the cache on the test first

Using test machine to access share

Require authentication, enter username and password


Create a file to the test shared folder

Viewing created files in Linux

[root@localhost opt]# cd /opt/test/
[root@localhost test]# ls    ##Create success
222.txt

4. Because only zhangsan write permission is allowed in the configuration file, test whether lisi can write

Using lisi to access shares

Test creation file

III. account name mapping of Samba shared service (account alias login)

1. Configuration mapping file and Samba configuration file

[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# vim smbusers    ##Create account mapping profile

zhangsan = t01 t02   ##Alias t01 t02 password or zhangsan user's password

[root@localhost samba]# vim smb.conf   ##Configuring Samba profiles

[global]
                workgroup = SAMBA
                security = user

                passdb backend = tdbsam

                printing = cups
                printcap name = cups
                load printers = yes
                cups options = raw
                username map = /etc/samba/smbusers    ##Add profile path for alias

[root@localhost samba]# systemctl restart smb.service   ##Restart Samba service

2. Test alias access with a tester

Login with alias


IV. access control list of Samba shared services

1. Configure Samba configuration file information

[root@localhost ~]# cd /etc/samba/    ##Switch to Samba profile directory
[root@localhost samba]# vim smb.conf    ##Modify profile

[test]
    path=/opt/test
    browseable=yes
    create mask=0644
    directory mask=0755
    valid users=zhangsan, lisi
    write list=zhangsan
    hosts deny=192.168.13.    ##Add deny 192.168.13 segment access test
[root@localhost samba]# systemctl restart smb.service   ##Restart Samba service

2. Use the tester to access the test shared folder

V. directly mount to Linux through Windows shared folder

1. Using Linux to access Windows shared files

[root@localhost ~]# smbclient -L //192.168.100.99/share 
Enter SAMBA\root's password:                               ##Password

2. Mount the shared file to Linux and directly access the file

[root@localhost ~]# mkdir -p /opt/share01   ##Create mount point
[root@localhost ~]# mount.cifs //192.168.100.99/share/opt/share01 ා mount the shared folder to the mount point
Password for root@//192.168.100.99/share:  
[root@localhost ~]# cd /opt/share01    ##Switch to mount point
[root@localhost share01]# ls
test.txt
[root@localhost share01]# cat test.txt    ##View file contents of shared folders
this is a test!!

(please check the previous blog for Windows specific sharing settings, thank you!!)

Thank you for reading!

Tags: Linux vim Windows Unix

Posted on Tue, 05 Nov 2019 16:13:45 -0500 by pyfsapple