
Installing and configuring the Samba service on CentOS 7

Samba history

Samba is free software that implements the SMB protocol on Linux and UNIX systems; it consists of a server program and a client program. SMB (Server Message Block) is a communications protocol for sharing files and printers on a local area network. It is a client/server protocol that allows clients to access shared file systems, printers and other resources on a server. By setting "NetBIOS over TCP/IP", Samba can share resources not only with hosts on the local area network, but also with computers all over the world.

In the early days of the Internet, files were mostly transferred between hosts using FTP, a good server program. However, FTP has one drawback: you cannot modify a file directly on the host. That is, if you want to change a file on a Linux host, you must first download it from the Server to the Client side and modify it there, so the file exists on both the Server and the Client side. If one day you modify a file but forget to upload it back to the host, how will you know later which copy is up to date?

Given this problem, is it possible to access the files on the Server directly from the Client side? If so, the files need not exist on the Client side at all; it is enough that they exist on the Server. Is there such a file system? Happily, the Network File System (NFS) is one. You only need to mount the directory exported by the Server on the Client side, and the Client machine can then access the file data on the Server directly, as if it were a partition on the Client. In addition to NFS, which lets Unix-like machines share files with each other, Microsoft has a similar file system, the Common Internet File System (CIFS); the simplest way to think of it is as "Network Neighborhood". Computers running Windows can share file data provided by others through "Network Neighborhood" on the desktop. However, NFS only allows Unix machines to communicate with each other, and CIFS only allows Windows machines to communicate with each other. So, is there a file system that allows Windows and Unix-like platforms to share file data with each other?

In 1991, a college student named Andrew Tridgell had exactly this problem. He had three machines: a personal computer running DOS, a DEC machine running Digital Unix, and a Sun machine running Unix. At that time, DEC had developed a software package called PATHWORKS, which could share file data between DEC's Unix and the PC's DOS operating system. Unfortunately for Tridgell, Sun's Unix could not share data through this software. At this point Tridgell thought: "Since these two systems can communicate with each other, there is no reason the Sun machine should be left out. Can I work out how the two systems operate and then let the Sun machine share file data too?" To solve the problem, he wrote his own program to observe the communication protocol used by the DOS and DEC Unix systems when sharing and transferring data, captured the important information, and developed Server Message Block (SMB) software based on that protocol. The SMB software allows Unix and DOS to share data with each other. (Note: again, the file system that allows file sharing on Unix-like systems is NFS, while the file system used by Network Neighborhood on Windows is called the Common Internet File System (CIFS).) Tridgell then applied to register the name SMBServer (SMB being short for Server Message Block) as a trademark for the software he had written, but because SMB is a meaningless word, it could not be registered. In that case, was there a related word in the dictionary that could be registered as a trademark? After a long search, he found that SAMBA happens to contain the letters SMB and is also the name of a passionate Latin dance, so he used it as the trademark. This is the origin of the name SAMBA that we use today.

Check if samba is already installed on the current system

rpm -qa | grep 'samba'

Packages required to install the samba service

samba-3.6.9-151.el6.x86_64
// Server-side software; mainly provides the samba server daemons, shared documentation, and log rotation.
samba-common-3.6.9-151.el6.x86_64
// Mainly provides the samba server configuration files and the configuration syntax checker testparm.
samba-client-3.6.9-151.el6.x86_64
// Client software; mainly provides the tool commands needed when a Linux host acts as a client.

Installation using yum

yum -y install samba samba-common samba-client

Check if the installation was successful

[jamza@Jamza ~]$ rpm -qa | grep 'samba'
samba-common-tools-4.8.3-4.el7.x86_64
samba-common-4.8.3-4.
samba-client-libs-4.8.3-4.el7.x86_64
samba-libs-4.8.3-4.el7.x86_64
samba-4.8.3-4.el7.x86_64
samba-common-libs-4.8.3-4.el7.x86_64
samba-client-4.8.3-4.el7.x86_64

After the installation is complete, the /etc/samba/ file is generated, which is the main configuration file for the samba service.

Check the status of the samba service, start the service

service smb status   # check the samba service status
service smb start    # start the samba service
service smb restart  # restart the samba service

Modify the samba service configuration file

Open the samba service configuration file /etc/samba/ with the following contents:

# See  for a more detailed config file or
# read the  manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
        workgroup = SAMBA
        security = user

        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775

Add a share section in the following format:

[shared_name]
path = /path/to/share_directory // directory path of the shared files
comment = aaa // comment text
guest ok = {yes|no} // whether to allow guest account access
public = {yes|no} // whether the share is public
writable = {yes|no} // whether the share is writable
read only = {yes|no} // read only = no is equivalent to writable = yes
browseable = {yes|no} // whether the share is visible when browsing
write list = +GROUP_name // who may write; with + the name is a group, without + it is a user

Example:

[share]
        path = /home/jamza/share
        comment = jamza_share
        public = yes
        writable = yes
        browseable = yes
        guest ok = yes
        valid users = jamza,root
        available = yes
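
The following added example (not part of the original article) checks share sections like the one above for two settings worth reviewing before a share goes live: guest access together with write access, and root in valid users. The function names audit_shares and sample_conf and the sample configuration are constructed for illustration; the synonyms it recognizes (public for guest ok, writeable and write ok for writable, read only as the inverse) are those documented in the smb.conf manual page.

```shell
# audit_shares [FILE...]: flag risky share settings in smb.conf (stdin if no file).
audit_shares() {
  awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
      if (sec == "" || tolower(sec) == "global") return
      if (guest && rw) print sec ": guest access combined with write access"
      if (root) print sec ": root listed in valid users"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    /^[ \t]*\[/ {                            # new [section]: report the previous one
      report()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      guest = 0; rw = 0; root = 0            # Samba defaults: guest ok = no, read only = yes
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guestok" || key == "public") guest = truthy(val)
      else if (key == "writable" || key == "writeable" || key == "writeok") rw = truthy(val)
      else if (key == "readonly") rw = !truthy(val)
      else if (key == "validusers") {
        root = 0; n = split(val, u, /[ ,\t]+/)
        for (i = 1; i <= n; i++) if (u[i] == "root") root = 1
      }
    }
    END { report() }
  ' "$@"
}

# Constructed sample: the [share] section from this page plus a restricted variant.
sample_conf() {
  cat <<'EOF'
[global]
        security = user
[share]
        public = yes
        writable = yes
        guest ok = yes
        valid users = jamza,root
[share_restricted]
        guest ok = no
        read only = no
        valid users = jamza
EOF
}
sample_conf | audit_shares
```

Run it against a real file with audit_shares followed by the path of the samba configuration file; testparm remains the tool for checking syntax.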

Adding Shared Users

smbpasswd -a jamza  # add the user jamza as a samba user and set its samba password

Mapping a network drive on Windows

On the Windows side, map a network drive: enter \\192.168.0.130\share, then enter the account jamza and its password to access the share.
Note that share is the [share] section name in /etc/samba/.

If you can't connect from the Windows side, you need to disable the firewall on the Linux side.

CentOS 7.0 uses firewalld as its default firewall. To disable it:

systemctl stop
# Stop the firewall

systemctl disable
# Do not start the firewall at boot

firewall-cmd --state
# Check the state of the default firewall ("not running" when it is off, "running" when it is on).


If access to the samba folder is denied on the Windows side, turn off SELinux.

SELinux in CentOS is a very powerful mandatory access control system. Its full name is Security-Enhanced Linux, and it is an implementation of mandatory access control whose purpose is to state explicitly which resources a given process may access, including but not limited to files and network ports.

This is why access was denied in Samba earlier even though the shared files were listed, the ownership was correct, and the permissions were set correctly. On a server, such a security mechanism is necessary, but on a development machine it is of little use. That being the case, we can set SELinux to the state we want.

Get the current state of SELinux: getenforce

There are three types of results returned: Enforcing, Permissive and Disabled, where Enforcing means logging warnings and blocking suspicious behavior, Permissive means logging only security warnings but not blocking suspicious behavior, and Disabled means disabled.

Set the running state of SELinux: setenforce [Enforcing | Permissive | 1 | 0]

To change it permanently, edit its configuration file: vi /etc/sysconfig/selinux
Set SELINUX=xxx (where xxx is the state you want: enforcing, permissive or disabled)

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
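
An alternative to switching firewalld and SELinux off is to permit Samba in both. The following is an added example, not part of the original article: it prints (or, with APPLY=1 as root, runs) the firewall-cmd, semanage and restorecon commands for the share path used on this page. The function names run and allow_samba_share are made up for this example; semanage comes from the policycoreutils-python package on CentOS 7.

```shell
# Print each command (default) or execute it when APPLY=1 is set; run as root to apply.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; return; fi
  line=
  for arg in "$@"; do
    case $arg in
      *[!A-Za-z0-9/_=.-]*) arg="'$arg'" ;;   # quote what a shell would interpret
    esac
    line="$line${line:+ }$arg"
  done
  printf '%s\n' "$line"
}

# allow_samba_share DIR: permit SMB traffic and label DIR for smbd.
allow_samba_share() {
  share=$1
  # DIR is embedded in an SELinux file-context regular expression below,
  # so accept only an absolute path made of plain characters.
  case $share in
    *[!A-Za-z0-9/_-]* | [!/]* | "")
      echo "need an absolute path without special characters: $share" >&2
      return 1 ;;
  esac
  # firewalld: enable the predefined samba service permanently, then reload.
  run firewall-cmd --permanent --add-service=samba
  run firewall-cmd --reload
  # SELinux: record samba_share_t for DIR and everything under it, then relabel.
  run semanage fcontext -a -t samba_share_t "${share}(/.*)?"
  run restorecon -R "$share"
}

# Path taken from the [share] section on this page.
allow_samba_share /home/jamza/share
```

If the share lives under a user's home directory, as /home/jamza/share does, the SELinux boolean samba_enable_home_dirs (setsebool -P samba_enable_home_dirs on) may also be needed.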
