Bii o ṣe le Fi Samba4 sori ẹrọ lori CentOS 7 fun Pinpin Faili lori Windows

Ninu nkan wa ti o kẹhin, a fihan bi a ṣe le fi Samba4 sori Ubuntu fun pinpin faili ipilẹ laarin awọn ọna Ubuntu ati awọn ẹrọ Windows. Nibiti a ti wo tito leto ailorukọ (aiṣe aabo) bii pipin faili to ni aabo.

Nibi, a yoo ṣe apejuwe bi o ṣe le fi sori ẹrọ ati tunto Samba4 lori CentOS 7 (tun ṣiṣẹ lori RHEL 7) fun pinpin faili ipilẹ laarin awọn eto Linux miiran ati awọn ẹrọ Windows.

Pataki: Bibẹrẹ lati ẹya 4.0, Samba le ṣiṣẹ bi Adarí Iṣakoso Aṣẹ Samba4 Active Directory, eyiti o ni awọn akọle pataki fun Ubuntu, CentOS, ati Windows.

Fi Samba4 sori ẹrọ ni CentOS 7

1. Ni akọkọ fi Samba4 sori ẹrọ ati awọn idii ti a beere lati awọn ibi ipamọ CentOS aiyipada nipa lilo ọpa yum package oluṣakoso bi o ti han.

# yum install samba samba-client samba-common

2. Lẹhin fifi awọn idii samba sii, jẹ ki awọn iṣẹ samba gba laaye nipasẹ ogiriina eto pẹlu awọn ofin wọnyi.

# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

Ṣayẹwo Awọn Eto Ẹgbẹ-iṣẹ Windows Machine

3. Ṣaaju ki o to tẹsiwaju lati tunto samba, rii daju pe ẹrọ Windows wa ni ẹgbẹ iṣẹ kanna lati tunto lori olupin CentOS.

Awọn ọna meji ti o ṣee ṣe wa lati wo awọn eto iṣẹ ẹgbẹ ẹrọ Windows:

    Tite ọtun ni\"PC yii" tabi\"Kọmputa Mi" → Awọn ohun-ini → Awọn eto eto ilọsiwaju Name Orukọ Kọmputa.

  • Ni omiiran, ṣii itọsi cmd ki o ṣiṣe aṣẹ atẹle, lẹhinna wa fun “agbegbe iṣẹ” ni iṣẹjade bi a ṣe han ni isalẹ. 

>net config workstation

Tito leto Samba4 lori CentOS 7

4. Faili iṣeto samba akọkọ jẹ /etc/samba/smb.conf, faili atilẹba wa pẹlu awọn eto iṣeto-tẹlẹ eyiti o ṣalaye ọpọlọpọ awọn itọsọna iṣeto lati ṣe itọsọna fun ọ.

Ṣugbọn, ṣaaju tito leto samba, Mo daba fun ọ lati mu afẹyinti ti faili aiyipada bii eleyi.

# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

Lẹhinna, tẹsiwaju lati tunto samba fun awọn ailorukọ ailorukọ ati aabo awọn iṣẹ pinpin bi a ti salaye ni isalẹ.

5. Ni akọkọ ṣẹda itọsọna ti o pin nibiti awọn faili yoo wa ni fipamọ sori olupin ati ṣeto awọn igbanilaaye ti o yẹ lori itọsọna naa.

# mkdir -p /srv/samba/anonymous
# chmod -R 0775 /srv/samba/anonymous
# chown -R nobody:nobody /srv/samba/anonymous

Paapaa, o nilo lati yi ipo ọrọ aabo SELinux pada fun itọsọna ti o pin samba bi atẹle.

# chcon -t samba_share_t /srv/samba/anonymous

6. Itele, ṣii faili iṣeto samba fun ṣiṣatunkọ, nibi ti o ti le yipada/ṣafikun awọn apakan ni isalẹ pẹlu awọn itọsọna to baamu.

# vi /etc/samba/smb.conf

[global]
	workgroup = WORKGROUP
	netbios name = centos
	security = user
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	browsable =yes
	writable = yes
	guest ok = yes
	read only = no
	force user = nobody

7. Bayi ṣayẹwo awọn eto samba lọwọlọwọ nipa ṣiṣe pipaṣẹ ni isalẹ.

# testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No

8. Lakotan, bẹrẹ ati mu awọn iṣẹ samba ṣiṣẹ lati bẹrẹ laifọwọyi ni bata atẹle ki o tun lo awọn ayipada ti o wa loke lati ni ipa.

# systemctl enable smb.service
# systemctl enable nmb.service
# systemctl start smb.service
# systemctl start nmb.service

9. Bayi lori ẹrọ Windows, ṣii\"Nẹtiwọọki" lati window Windows Explorer, lẹhinna tẹ lori ile-iṣẹ CentOS, tabi ohun miiran gbiyanju lati wọle si olupin nipa lilo adiresi IP rẹ (lo aṣẹ ifconfig lati gba adiresi IP).

e.g. \2.168.43.168.

10. Nigbamii, ṣii itọsọna Anonymous ki o gbiyanju lati ṣafikun awọn faili ni nibẹ lati pin pẹlu awọn olumulo miiran.

Ṣeto Samba4 Pinpin Faili Ni aabo

11. Ibẹrẹ akọkọ nipa ṣiṣẹda ẹgbẹ eto samba kan, lẹhinna ṣafikun awọn olumulo si ẹgbẹ ki o ṣeto ọrọ igbaniwọle fun olumulo kọọkan bii bẹẹ.

# groupadd smbgrp
# usermod tecmint -aG smbgrp
# smbpasswd -a tecmint

12. Lẹhinna ṣẹda itọsọna ti o ni aabo nibiti awọn faili ti o pin yoo wa ni fipamọ ati ṣeto awọn igbanilaaye ti o yẹ lori itọsọna pẹlu ipo aabo SELinux fun samba.

# mkdir -p /srv/samba/secure
# chmod -R 0770 /srv/samba/secure
# chown -R root:smbgrp /srv/samba/secure
# chcon -t samba_share_t /srv/samba/secure

13. Nigbamii ṣii faili iṣeto fun ṣiṣatunkọ ati yipada/ṣafikun apakan ni isalẹ pẹlu awọn itọsọna to baamu.

# vi /etc/samba/smb.conf

[Secure]
	comment = Secure File Server Share
	path =  /srv/samba/secure
	valid users = @smbgrp
	guest ok = no
	writable = yes
	browsable = yes

14. Lẹẹkansi, ṣayẹwo awọn eto iṣeto samba nipa ṣiṣe pipaṣẹ wọnyi.

$ testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No
[Secure]
	comment = Secure File Server Share
	path = /srv/samba/secure
	read only = No
	valid users = @smbgrp

15. Tun awọn iṣẹ Samba tun bẹrẹ lati lo awọn ayipada naa.

# systemctl restart smb.service
# systemctl restart nmb.service

16. Lọ si ẹrọ Windows, ṣii\"Nẹtiwọọki" lati window Windows Explorer, lẹhinna tẹ lori ile-iṣẹ CentOS, tabi bẹẹkọ gbiyanju lati wọle si olupin nipa lilo adirẹsi IP rẹ.

e.g. \2.168.43.168.

A yoo beere lọwọ rẹ lati pese orukọ olumulo ati ọrọ igbaniwọle rẹ lati buwolu wọle ni olupin CentOS. Lọgan ti o ba ti tẹ awọn iwe-ẹri sii, tẹ O DARA.

17. Lọgan ti o ba buwolu wọle ni aṣeyọri, iwọ yoo wo gbogbo awọn ilana itọsọna ti samba. Bayi ni aabo pin diẹ ninu awọn faili pẹlu awọn olumulo miiran ti a gba laaye lori nẹtiwọọki nipa sisọ wọn silẹ ni itọsọna Secure.

O tun le ṣayẹwo awọn nkan ti o wulo wọnyi nipa pinpin faili Samba lori nẹtiwọọki kan.

    Bii a ṣe le Oke/Unmount Agbegbe ati Nẹtiwọọki (Samba & NFS) Awọn ilana Awọn faili ni Linux
  1. Lilo ACLs (Awọn atokọ Iṣakoso Wiwọle) ati Samba iṣagbega/NFS Awọn mọlẹbi
    2. Bii a ṣe le ṣatunṣe Ailera SambaCry (CVE-2017-7494) ninu Awọn ọna Linux

Ninu itọsọna yii, a fihan ọ bi o ṣe le ṣeto Samba4 fun ailorukọ ati pinpin faili to ni aabo laarin CentOS ati awọn eto Lainos miiran bii awọn ẹrọ Windows. Pin eyikeyi awọn ero pẹlu wa nipasẹ apakan asọye ni isalẹ.