Samba server configuration (instance resolution)
1, Configuring samba shared server on rhel 8
① Viewing samba package information
[root@localhost ~]# yum info samba #Viewing samba package information
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:46:48 ago on Mon 21 Dec 2020 12:31:15 AM EST.
Available Packages
Name : samba
Version : 4.12.3
Release : 12.el8.3
Architecture : x86_64
Size : 840 k
Source : samba-4.12.3-12.el8.3.src.rpm
Repository : base
Summary : Server and Client software to interoperate with Windows machines
URL : https://www.samba.org
License : GPLv3+ and LGPLv3+
Description : Samba is the standard Windows interoperability suite of programs for Linux
: and Unix.
② Install Samba service settings and start automatically
[root@localhost ~]# yum install -y samba #Installing samba services
[root@localhost ~]# rpm -qa | grep samba #View samba package
samba-client-libs-4.12.3-12.el8.3.x86_64
samba-common-4.12.3-12.el8.3.noarch
samba-libs-4.12.3-12.el8.3.x86_64
samba-common-tools-4.12.3-12.el8.3.x86_64
samba-4.12.3-12.el8.3.x86_64
samba-common-libs-4.12.3-12.el8.3.x86_64
[root@localhost ~]# systemctl start smb #Start samba service
[root@localhost ~]# systemctl enable smb #Set startup and self startup
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service /usr/lib/systemd/system/smb.service.
[root@localhost ~]# systemctl status smb #View service running
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-12-21 01:22:27 EST; 21s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 33908 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4 (limit: 12180)
Memory: 13.7M
CGroup: /system.slice/smb.service
├─33908 /usr/sbin/smbd --foreground --no-process-group
├─33910 /usr/sbin/smbd --foreground --no-process-group
├─33911 /usr/sbin/smbd --foreground --no-process-group
└─33912 /usr/sbin/smbd --foreground --no-process-group
③ Create a test shared directory, add corresponding users and groups, and add corresponding samba accounts
[root@localhost ~]# mkdir /textshare
[root@localhost ~]# mkdir /textshare/share #Add shared folder
[root@localhost ~]# touch /textshare/share/text_share.tar #Add shared test file
[root@localhost ~]# groupadd share #Add user group share
[root@localhost ~]# useradd -g share share1 #Add users share1 and share2
[root@localhost ~]# useradd -g share share2
[root@localhost ~]# passwd share1 # Set up passwords for users share1 and share2
Changing password for user share1.
New password: # passwd: 111111 (for test)
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# passwd share2
Changing password for user share2.
New password: # passwd: 111111 (for test)
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# smbpasswd -a share1 # Establish a samba account with the same name in the system
New SMB password: # passwd: 111111 (for test)
Retype new SMB password:
Added user share1.
[root@localhost ~]# smbpasswd -a share2
New SMB password: # passwd: 111111 (for test)
Retype new SMB password:
Added user share2.
④ Modify smb.conf
[root@localhost ~]# vim /etc/samba/smb.conf
[share] # Define shared file directory requirements
comment = share # The annotation description file name is share
path = /textshare/share # Path of shared file (absolute path address)
writable = yes # Can I read and write
browseable = yes # Specifies whether the share can be browsed
valid users = @share # Users allowed to access the share @ share
# invalid users = users whose access to the share is prohibited
| comment | Note description |
|---|
| path | The full path name of the shared resource. In addition to the correct path, the permissions of the directory should also be set to the right (absolute path) |
| browseable | Yes yes / no no displays the shared directory in the browse resource. If yes, otherwise, you must specify a shared path to access it |
| printable | Yes yes / no no allow printing |
| hide dot ftles | Yes yes / no no hide file |
| public | Yes yes / no no public sharing. If yes, authentication is performed (this item works only when security = share) |
| guest ok | Yes yes / no no public sharing. If yes, authentication is performed (this item works only when security = share) |
| read only | Yes yes / no no shared in read-only mode. In case of conflict with writable, writable also prevails |
| writable | Yes yes / no no writable, not shared in read-only mode. In case of conflict with read only, read only is ignored |
| vaild users | Set that only users in this list can access shared resources (deny priority) (user name / @ group name) |
| invalid users | Set that only users in this list cannot access shared resources (deny priority) (user name / @ group name) |
| read list | Set members in this list as read-only (user name / @ group name) |
| write list | If it is set as read-only, only members in the set list can write (user name / @ group name) |
| create mask | Permissions given when creating files |
| directory mask | Permissions given when creating a directory |
| force group | When specifying the access to resources, the user of this set group must enter to access (user name / @ group name) |
| force user | Specify the user with this setting to access the resource (user name / @ group name) |
| allow hosts | Set that only users of this network segment / IP can access shared resources |
| allwo hosts | Segment except IP |
| deny hosts | Set that users with only this network segment / IP cannot access shared resources |
| allow hosts | IP specified in this network segment |
| deny hosts | Specify the IP of this network segment |
⑤ Modify shared directory local system permissions
[root@localhost textshare]# chmod 777 /textshare/share/ -R
[root@localhost textshare]# chown share1:share /textshare/share/ -R
[root@localhost textshare]# chown share2:share /textshare/share/ -R
[root@localhost textshare]# ll
total 0
drwxrwxrwx. 2 share2 share 28 Dec 21 01:32 share
⑥ Modify the context value
[root@localhost textshare]# chcon -t samba_share_t /textshare/share/ -R
[root@localhost textshare]# firewall-cmd --permanent --add-service=samba
success
[root@localhost textshare]# firewall-cmd --reload #Reload firewall
success
[root@localhost textshare]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client samba ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost textshare]# systemctl restart smb nmb --now #Restart service
2, linux test connection
① Install samba server and software package supporting file sharing service (CIFS utils)
yum install samba-client -y
yum install cifs-utils.x86_64 -y
② Using smbclient to access the server
I. test
II. Connection
[root@localhost ~]# smbclient //192.168.98.128/share -U share2%111111
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Mon Dec 21 03:04:30 2020
.. D 0 Mon Dec 21 01:58:02 2020
text_share.tar N 0 Mon Dec 21 01:32:51 2020
nmb.txt N 0 Mon Dec 21 01:58:12 2020
123.txt A 0 Mon Dec 21 03:04:28 2020
17811456 blocks of size 1024. 13365092 blocks available
smb: \> mkdir testdir ## New directory test
smb: \> ls ## New successfully
. D 0 Mon Dec 21 03:26:46 2020
.. D 0 Mon Dec 21 01:58:02 2020
text_share.tar N 0 Mon Dec 21 01:32:51 2020
nmb.txt N 0 Mon Dec 21 01:58:12 2020
123.txt A 0 Mon Dec 21 03:04:28 2020
testdir D 0 Mon Dec 21 03:26:46 2020
17811456 blocks of size 1024. 13365092 blocks available
smb: \> exit
③ Linux side mount shared directory
[root@localhost ~]# mkdir -p /mnt/smb_share
[root@localhost ~]# mount -t cifs //192.168.98.128/share /mnt/smb_share/ -o username=share1
Password for share1@//192.168.98.128/share: ******
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 952M 0 952M 0% /dev
tmpfs 981M 0 981M 0% /dev/shm
tmpfs 981M 18M 963M 2% /run
tmpfs 981M 0 981M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 17G 4.3G 13G 26% /
/dev/sda1 1014M 210M 805M 21% /boot
tmpfs 196M 1.2M 195M 1% /run/user/42
tmpfs 196M 4.6M 192M 3% /run/user/0
//192.168.98.128/share 17G 4.3G 13G 25% /mnt/smb_share