First, record how the linux client accesses the shared folder of windows or linux with commands
The first step is smbclient-L//192.168.100.5-U public (smbclient is the command-L is to list which shared files the server has-U followed by the user name)
-
The second step is to enter the password and see the folder shared by the server. Then you enter the server with the command smbclient //192.168.100.5/Resource Sharing-U public. When you enter the password, you will see the following. (I log in to the shared file of windows)
Password: Domain=[DC] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2] smb: \> The third step is to use help to see how commands are used, commonly used are ls cd get put exit, etc.
Step 4 WIN7 Access Summary\ www.google.com\nobody Or www.google.com\guest such
Step 5 If WIN7 is not accessible, modify the registry HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
The value of LmCompatibility Level is equal to 1Step 6 Access modification deletion on windows will not refresh HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer in time
The value of NoSimpleNetIDList is equal to 1
Samba server configuration section
- Step one:
Enter the / etc/samba directory, backup smb.conf, delete the file, and rebuild it yourself. Enter the following
[global] workgroup = WORKGROUP netbios name = www.test.com # The key point here is that it's better to use the same name as the machine name when accessing remotely. server string = C2 is samba server security = share load printers = no #No printer loaded disable spoolss = yes #Hidden Printer cups options = raw #Printer type unix charset = utf8 dos charset =GBK display charset = utf8 client lanman auth = yes client plaintext auth = yes hosts deny = 192.168.0.55 #Blocking this IP access to SMB [public] path = /var/public writeable = yes browseable = yes guest ok = yes
Simply explain the global configuration above, you must have it. The first three lines show what to say. If security is share, it does not need the password of the account. If it is user, it is to verify.
[public] This directory is shared on the client side, path is the shared path, guest ok is yes is not authenticated.
- The second step:
Create a folder called public in / var / directory for shared folders
[root@localhost ~]# id nobody uid=99(nobody) gid=99(nobody) groups=99(nobody) [root@localhost ~]# chown -R nobody:nobody /var/public
OK, and then restart SMB servers service smb restart and service nmb start, a simple shared server that does not need validation.
- Step 3: Make a Shared Server with Account Password
First use the command useradd public-s/sbin/nologin (the system establishes an account called public and cannot log in to the system)
Then use the command smbpasswd-a public (with this command to add an SMB account called public)
chown public:public /var/public (allowing public accounts to use the directory / var/public)
Then modify in/etc/samba/smb.conf:
[global] workgroup = WORKGROUP // Used to specify the NT domain name on your machine's network netbios name = www.google.com //Host name, used to access addresses, important server string = google is samba server guest account = public //If you want to create an account, fill in the username again and add the account in / etc/passwd, otherwise use the default'nobody'as the account. security = user // This is the security level of the samba server. The default is user level. Samba has four security levels. // 1. share level, share security level, users can log in without entering account number and password // 2. user level, user security level, user needs account number and password to login // 3. server level, server security level, password checking can be specified by another samba server // 4. domain domain security level, need to specify a server such as XP to verify user password unix charset = utf8 dos charset = GBK display charset = utf8 client lanman auth = yes client plaintext auth = yes [public] path = /var/public writeable = yes browseable = yes guest ok = no //Users need passwords, yes does not need passwords (need to match the security level above) comment = public valid users = public //Accessible users public = no //Anonymous users can't see create mask = 0777
The main thing is to change security to user guest ok to no
Finally, service smb restart and service nmb start make a shared file server with command access.
If a firewall opens
[root@s ~]# iptables -A INPUT -p tcp --dport 139 -j ACCEPT [root@s ~]# iptables -A INPUT -p tcp --dport 445 -j ACCEPT [root@s ~]# iptables -A INPUT -p udp --dport 137 -j ACCEPT [root@s ~]# iptables -A INPUT -p udp --dport 138 -j ACCEPT [root@s ~]# iptables -A INPUT -i lo -j ACCEPT
`