Samba Sharing:
Samba provides a stable and highly compatible file and
print sharing service that allows a Linux node to act as a client, a
member server, or even a Primary Domain Controller (PDC) or a member
of an Active Directory (AD) service on Microsoft-based networks.
Samba interacts with Microsoft's CIFS built on the Server Message
Block (SMB) protocol.
Samba is installed through the samba rpms :
Samba is installed through the samba rpms :
Package- SAMBA
Port no- 137,138,139,445
Script- /etc/init.d/smb
Daemon- smb
Configuration file- /etc/samba/smb.con
# yum install samba* -y
Port no- 137,138,139,445
Script- /etc/init.d/smb
Daemon- smb
Configuration file- /etc/samba/smb.con
# yum install samba* -y
Samba Server
Samba is build on two daemons (smbd, nmbd) and one
service (smb) which control the daemons.
smbd
The smbd server daemon provides file sharing and printing services to Windows/Linux clients. It is also responsible for user authentication, resource locking, and data sharing through the SMB protocol. The ports on which the server listens for SMB traffic are TCP ports 139 and 445. It is controlled by the smb service.
nmbd
The nmbd server daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows systems. It also participates in the browsing protocols that make up the Windows Network Neighbourhood view. The port that the server listens to for NMB traffic is UDP port 137. The nmbd daemon is controlled by the smb service.
smbd
The smbd server daemon provides file sharing and printing services to Windows/Linux clients. It is also responsible for user authentication, resource locking, and data sharing through the SMB protocol. The ports on which the server listens for SMB traffic are TCP ports 139 and 445. It is controlled by the smb service.
nmbd
The nmbd server daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows systems. It also participates in the browsing protocols that make up the Windows Network Neighbourhood view. The port that the server listens to for NMB traffic is UDP port 137. The nmbd daemon is controlled by the smb service.
/etc/samba/smb.conf
This is the main configuration file and is plenty of comments that explain every option. The following is a basic samba server configuration that just exports the printers and /home dir to all Windows/Linux neighbours.
# cat /etc/samba/smb.conf
# --------------------------- Logging Options -----------------------------
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50
# ----------------------- Standalone Server Options ------------------------
# Use local system accounts for authentication. To create the samba user 'john'
# use the command 'smbpasswd -a john' an set the same password as on the system.
# To remove john account on samba server 'smbpasswd -x john'
security = user
passdb backend = tdbsam
# --------------------------- Printing Options -----------------------------
# Use CUPs for printing
load printers = yes
cups options = raw
; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups
#================== Share Definitions ==================
# Export /home and printers
[home]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
# --------------------------- Logging Options -----------------------------
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50
# ----------------------- Standalone Server Options ------------------------
# Use local system accounts for authentication. To create the samba user 'john'
# use the command 'smbpasswd -a john' an set the same password as on the system.
# To remove john account on samba server 'smbpasswd -x john'
security = user
passdb backend = tdbsam
# --------------------------- Printing Options -----------------------------
# Use CUPs for printing
load printers = yes
cups options = raw
; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups
#================== Share Definitions ==================
# Export /home and printers
[home]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
hosts allow=192.168.1.0
There is a tool that can be used to verify the smb.conf configuration : 'testparam'.
# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = RHEL6-WG
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
Now samba is ready to be started.
# /etc/init.d/smb restart
# chkconfig smb on
There is a tool that can be used to verify the smb.conf configuration : 'testparam'.
# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = RHEL6-WG
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
Now samba is ready to be started.
# /etc/init.d/smb restart
# chkconfig smb on
samba for a particular user access we can use smbpasswd
example: smbpasswd -a username
Server
Security
Firewall
In order to allow samba server to
work through a firewall the following ports must be open .
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
SElinux
In case that SElinux has been
configured as 'enforcing' in targered mode, the following SElinux parameters
must be configured to allow samba server to be executed on SElinux environment.
# setsebool -P samba_run_unconfined 1
Disables SElinux restrictions to samba.
# setsebool -P samba_enable_home_dirs 1
Allows samba to share users' home directories.
# setsebool -P samba_share_nfs 1
Allows Samba to share directories already shared via NFS.
# setsebool -P use_samba_home_dirs 1
Supports remote access to local home directories using Samba.
# chcon -R -t samba_share_t /home/share
It labels /home/share to be exported rw mode through samba on a SElinux environment. The label public_content_rw_t is also valid.
# setsebool -P samba_run_unconfined 1
Disables SElinux restrictions to samba.
# setsebool -P samba_enable_home_dirs 1
Allows samba to share users' home directories.
# setsebool -P samba_share_nfs 1
Allows Samba to share directories already shared via NFS.
# setsebool -P use_samba_home_dirs 1
Supports remote access to local home directories using Samba.
# chcon -R -t samba_share_t /home/share
It labels /home/share to be exported rw mode through samba on a SElinux environment. The label public_content_rw_t is also valid.
Samba
Client
The following is a list of the samba
client utility than can be used. For this section consider the node rhel6
(192.168.1.10) configured as the samba server defined on 'Samba Server' section
and the samba client utilities are launched from node01 (192.168.1.101) against
samba server on rhel6.
smbclient
It displays the samba shares
exported from a Samba server.
node01> smbclient -L 192.168.1.10 -U john
Enter john's password:
Domain=[RHEL6-WG] OS=[Unix] Server=[Samba 3.5.4-68.el6]
node01> smbclient -L 192.168.1.10 -U john
Enter john's password:
Domain=[RHEL6-WG] OS=[Unix] Server=[Samba 3.5.4-68.el6]
>>ls ( list directory contents)
>>exit
Access
your files with SMB (Windows)
On
Windows
How to connect your homedrive
·
Click
your Start button
·
select
run
·
Type
\\192.168.1.10\sharename eg: \\192.168.1.10\home
·
Connect
using ad\username and password. Select OK
·
Optionally
click with the right mouse button on your home and assign a drive letter
How to connect a groupdrive
·
Click
your Start button
·
select
run
·
Type
\\192.168.1.10\sharename eg: \\192.168.1.10\home
·
Connect
using ad\username and password. Select OK
·
Optionally
click with the right mouse button on your home and assign a drive letter
No comments:
Post a Comment