
2020年4月21日 星期二

CentOS8 Samba



https://technowikis.com/6772/how-to-install-samba-on-centos-8


++++++++++++++++++++++++++++++++++++ For User /home/user (xxx 有問題 xxx)

# dnf -y install samba samba-client

# systemctl enable smb.service
# systemctl start smb.service

# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

# useradd kk5
# smbpasswd -a kk5


# chcon -t samba_share_t /home/kk5/
# setsebool -P samba_enable_home_dirs on


# vi /etc/samba/smb.conf
...
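; Server-wide settings for the home-directory setup.
[global]
        workgroup = WORKGROUP
        ; %v expands to the running Samba version and must be written without
        ; a space; "% v" is not a substitution. Clients that browse the server
        ; see this string, so drop %v if the version should not be advertised.
        server string = Samba Server %v
        netbios name = centos8
        ; A logon with a user name that does not exist is mapped to the guest
        ; account instead of being rejected. Guests can only open shares that
        ; set "guest ok = yes".
        map to guest = bad user
        dns proxy = no

        ; Clients authenticate with a user name and a Samba password kept in
        ; the local tdbsam database (set with smbpasswd -a).
        security = user
        passdb backend = tdbsam
        ; Printer sharing through CUPS; print jobs are passed on unprocessed.
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw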
...


# systemctl restart smb.service



++++++++++++++++++++++++++++++++++++ For Registered User
# dnf -y install samba samba-client

# systemctl enable smb.service
# systemctl start smb.service

#firewall-cmd --permanent --zone=public --add-service=samba
#firewall-cmd --reload


------------------------------------
# useradd -M kk1 -s /sbin/nologin
------------------------------------

#useradd solvetic_samba
#groupadd smbgrp
#usermod -a -G smbgrp solvetic_samba
#smbpasswd -a solvetic_samba

#mkdir -p /home/secure

------------------------------------ 只要 smbgrp 群組皆可
#chown -R kk2:smbgrp /home/secure/
------------------------------------

#chown -R solvetic_samba:smbgrp /home/secure/
#chmod -R 0770 /home/secure/
#chcon -t samba_share_t /home/secure/

# vi /etc/samba/smb.conf
...
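; Server-wide settings for the group-restricted share setup.
[global]
        workgroup = WORKGROUP
        ; %v expands to the running Samba version and must be written without
        ; a space; "% v" is not a substitution. Clients that browse the server
        ; see this string, so drop %v if the version should not be advertised.
        server string = Samba Server %v
        netbios name = centos8
        ; A logon with a user name that does not exist is mapped to the guest
        ; account instead of being rejected. Guests can only open shares that
        ; set "guest ok = yes".
        map to guest = bad user
        dns proxy = no

        ; Clients authenticate with a user name and a Samba password.
        security = user

        ; Samba accounts and password hashes live in the local tdbsam
        ; database (entries are added with smbpasswd -a).
        passdb backend = tdbsam

        ; Printer sharing through CUPS; print jobs are passed on unprocessed.
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw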
...

; [Secure]: share of /home/secure for members of the group smbgrp.
[Secure]
; Directory on the server that this share exposes. The file-system owner,
; group and mode of the directory still decide what a connected user may do.
path = /home/secure
; Only members of the group smbgrp may connect; guest access is refused.
valid users = @smbgrp
guest ok = no
; Listed when clients browse the server.
browseable = yes
; Same meaning as "writable = yes": permitted users may create and change files.
read only = no



# systemctl restart smb.service

HostOS
\\192.168.1.4
登入、新增文件

# ls /home/secure/
檢查新增的文件是否正常



++++++++++++++++++++++++++++++++++++For Anonymous

# dnf -y install samba samba-client

# rpm -qa | grep samba
samba-client-libs-4.10.4-101.el8_1.x86_64
samba-common-4.10.4-101.el8_1.noarch
samba-common-libs-4.10.4-101.el8_1.x86_64
samba-common-tools-4.10.4-101.el8_1.x86_64
samba-4.10.4-101.el8_1.x86_64
samba-libs-4.10.4-101.el8_1.x86_64
samba-client-4.10.4-101.el8_1.x86_64


# ls /usr/lib/systemd/system
...
smb.service
...


# systemctl enable smb.service
# systemctl start smb.service

# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

# mkdir -p /anonymous
# chmod -R 0755 /anonymous
# chown -R nobody:nobody /anonymous
# chcon -t samba_share_t /anonymous            //change file SELinux security context



# vi /etc/samba/smb.conf
...

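; [global] holds the settings of the Samba server itself.
[global]
        workgroup = WORKGROUP
        ; %v expands to the running Samba version and must be written without
        ; a space; "% v" is not a substitution. Clients that browse the server
        ; see this string, so drop %v if the version should not be advertised.
        server string = Samba Server %v
        netbios name = centos8
        ; A logon with a user name that does not exist is mapped to the guest
        ; account instead of being rejected. Guests can only open shares that
        ; set "guest ok = yes".
        map to guest = bad user
        dns proxy = no

        ; security = user: logging in needs an account and a password. The
        ; account is a Linux user, but its Samba password is set separately.
        security = user

        ; Samba accounts and password hashes live in the local tdbsam
        ; database (entries are added with smbpasswd -a).
        passdb backend = tdbsam

        ; Printer sharing through CUPS; print jobs are passed on unprocessed.
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw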



; [homes] maps each Linux user's home directory to a share of their own: when
; the Linux user test123 logs in to Samba, a share named test123 appears and
; stands for /home/test123.
; create mode / directory mode (permissions of newly created files and
; directories) are not set in this section, so the Samba defaults apply.
[homes]
comment = Home Directories
; %S is the share name, which for a home share is the user name, so a user
; can only open the share that carries their own name. %D%w%S is the same
; name qualified with the domain and the winbind separator.
valid users = %S, %D%w%S
; browseable controls whether the share is shown in the browse list.
browseable = no
; Users with access may write; "read only = yes" would make the share read-only.
read only = no
inherit acls = yes
...


; [Anonymous] publishes a public folder under the share name "Anonymous".
; Delete this whole section if no shared folder is needed.
; Guest access needs no password, so every host that can reach the Samba
; ports can read and write here. Limit the reachable clients (firewall zone
; sources, or "hosts allow" in this section) before exposing it beyond a
; trusted network.
[Anonymous]
; Directory on the server; it has to be accessible to the account that guest
; connections run as.
path = /anonymous
; Connections without a valid account are admitted as guest.
guest ok = yes
; Listed when clients browse the server.
browseable = yes
; Writable share; "writable = yes" is the same setting spelled the other way
; round, so one line is enough.
read only = no


# systemctl restart smb.service



HostOS
\\192.168.1.4


























++++++++++++++++++++++++++++++++++++ By registered users



# adduser -M smb -s /sbin/nologin
# smbpasswd -a  smb
New SMB password:            //123456(僅為示範用的弱密碼,實際環境請設定強密碼)
Retype new SMB password:
Added user smb.




---------------------------------------------
# getsebool -a | grep samba
# setsebool samba_enable_home_dirs on













# vi /etc/samba/smb.conf
...
; [global] holds the settings of the Samba server itself.
[global]
workgroup = SAMBA

; security = user: logging in needs an account and a password. The account is
; a Linux user, but its Samba password is set separately and is stored in the
; local tdbsam database.
security = user
passdb backend = tdbsam
; A logon with a user name that does not exist is mapped to the guest account
; instead of being rejected. Guests can only open shares that set
; "guest ok = yes".
map to guest = bad user

; Printer sharing through CUPS; print jobs are passed on unprocessed.
printing = cups
printcap name = cups
cups options = raw
load printers = yes


; [homes] maps each Linux user's home directory to a share of their own: when
; the Linux user test123 logs in to Samba, a share named test123 appears and
; stands for /home/test123.
; create mode / directory mode (permissions of newly created files and
; directories) are not set in this section, so the Samba defaults apply.
[homes]
comment = Home Directories
; %S is the share name, which for a home share is the user name, so a user
; can only open the share that carries their own name. %D%w%S is the same
; name qualified with the domain and the winbind separator.
valid users = %S, %D%w%S
; browseable controls whether the share is shown in the browse list.
browseable = no
; Users with access may write; "read only = yes" would make the share read-only.
read only = no
inherit acls = yes
...


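; [samba分享] publishes the directory /samba under the share name "samba分享".
; Delete this whole section if no shared folder is needed.
[samba分享]
    comment = Public Directories
    ; Directory on the server. The connecting account also needs matching
    ; file-system permissions on it, otherwise reads or writes are refused
    ; even though the share allows them.
    path = /samba
    browseable = yes
    writable = yes
    ; Permission masks for files and directories created through the share.
    create mode = 0664
    directory mode = 0775
    ; Members of the Unix group "users" get write access. With writable = yes
    ; every admitted user may already write, so this line adds nothing here.
    write list = @users
    ; "guest only = yes" has no effect unless the share also sets
    ; "guest ok = yes", so guests were never admitted by this section. The
    ; effective setting is written out instead: only authenticated users connect.
    guest ok = no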


# getsebool -a | grep samba
...
use_samba_home_dirs --> off
virt_use_samba --> off
# setsebool -P samba_enable_home_dirs on


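//change file SELinux security context(chcon 設定的標籤在 restorecon 或檔案系統重新標記後會被還原;要永久保留請改用 semanage fcontext -a -t samba_share_t "/samba(/.*)?" 再執行 restorecon -Rv /samba)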
# chcon -R -t samba_share_t /samba





# systemctl start smb.service
# systemctl is-active smb.service
active
# systemctl status smb.service
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-04-06 09:03:17 CST; 21s ago
...



# systemctl enable smb.service
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
# systemctl is-enabled smb.service
enabled



# firewall-cmd --info-service samba
samba
  ports: 137/udp 138/udp 139/tcp 445/tcp
  protocols:
  source-ports:
  modules: netbios-ns
  destination:
  includes:

# firewall-cmd --permanent --zone=public --add-service=samba

success
# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: cockpit dhcpv6-client samba ssh


# firewall-cmd --list-services
cockpit dhcpv6-client samba ssh


# firewall-cmd --reload
success


# mkdir /samba

# chmod -R 755 /samba
# chown -R nobody:nobody /samba


# systemctl restart smb.service




# groupadd samba

# useradd kk1
# passwd kk1

# usermod -a -G samba kk1
# pdbedit -a -u kk1




# adduser -M SambaUser -s /sbin/nologin

# cat /etc/group
SambaUser:x:1002:

# cat /etc/passwd
SambaUser:x:1001:1002::/home/SambaUser:/sbin/nologin


# cat /etc/shadow
SambaUser:!!:18330:0:99999:7:::


# ls /home


# smbpasswd -a SambaUser
New SMB password:            //123456(僅為示範用的弱密碼,實際環境請設定強密碼)
Retype new SMB password:
Added user SambaUser.


++++++++++++++++++++++++++++++++++++++++++++++++++






++++++++++++++++++++++++++++++++++++++++++++++++++






++++++++++++++++++++++++++++++++++++++++++++++++++






++++++++++++++++++++++++++++++++++++++++++++++++++






++++++++++++++++++++++++++++++++++++++++++++++++++






++++++++++++++++++++++++++++++++++++++++++++++++++













