Bii o ṣe le Fi Samba4 sori ẹrọ lori CentOS 7 fun Pinpin Faili lori Windows
Ninu nkan wa ti o kẹhin, a fihan bi a ṣe le fi Samba4 sori Ubuntu fun pinpin faili ipilẹ laarin awọn ọna Ubuntu ati awọn ẹrọ Windows. Nibiti a ti wo tito leto ailorukọ (aiṣe aabo) bii pipin faili to ni aabo.
Nibi, a yoo ṣe apejuwe bi o ṣe le fi sori ẹrọ ati tunto Samba4 lori CentOS 7 (tun ṣiṣẹ lori RHEL 7) fun pinpin faili ipilẹ laarin awọn eto Linux miiran ati awọn ẹrọ Windows.
Pataki: Bibẹrẹ lati ẹya 4.0, Samba le ṣiṣẹ bi Adarí Iṣakoso Aṣẹ Samba4 Active Directory, eyiti o ni awọn akọle pataki fun Ubuntu, CentOS, ati Windows.
Fi Samba4 sori ẹrọ ni CentOS 7
1. Ni akọkọ fi Samba4 sori ẹrọ ati awọn idii ti a beere lati awọn ibi ipamọ CentOS aiyipada nipa lilo ọpa yum package oluṣakoso bi o ti han.
# yum install samba samba-client samba-common
2. Lẹhin fifi awọn idii samba sii, jẹ ki awọn iṣẹ samba gba laaye nipasẹ ogiriina eto pẹlu awọn ofin wọnyi.
# firewall-cmd --permanent --zone=public --add-service=samba # firewall-cmd --reload
Ṣayẹwo Awọn Eto Ẹgbẹ-iṣẹ Windows Machine
3. Ṣaaju ki o to tẹsiwaju lati tunto samba, rii daju pe ẹrọ Windows wa ni ẹgbẹ iṣẹ kanna lati tunto lori olupin CentOS.
Awọn ọna meji ti o ṣee ṣe wa lati wo awọn eto iṣẹ ẹgbẹ ẹrọ Windows:
- Tite ọtun ni\"PC yii" tabi\"Kọmputa Mi" → Awọn ohun-ini → Awọn eto eto ilọsiwaju Name Orukọ Kọmputa.
- Ni omiiran, ṣii itọsi cmd ki o ṣiṣe aṣẹ atẹle, lẹhinna wa fun “agbegbe iṣẹ” ni iṣẹjade bi a ṣe han ni isalẹ.
>net config workstation
Tito leto Samba4 lori CentOS 7
4. Faili iṣeto samba akọkọ jẹ /etc/samba/smb.conf, faili atilẹba wa pẹlu awọn eto iṣeto-tẹlẹ eyiti o ṣalaye ọpọlọpọ awọn itọsọna iṣeto lati ṣe itọsọna fun ọ.
Ṣugbọn, ṣaaju tito leto samba, Mo daba fun ọ lati mu afẹyinti ti faili aiyipada bii eleyi.
# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
Lẹhinna, tẹsiwaju lati tunto samba fun awọn ailorukọ ailorukọ ati aabo awọn iṣẹ pinpin bi a ti salaye ni isalẹ.
5. Ni akọkọ ṣẹda itọsọna ti o pin nibiti awọn faili yoo wa ni fipamọ sori olupin ati ṣeto awọn igbanilaaye ti o yẹ lori itọsọna naa.
# mkdir -p /srv/samba/anonymous # chmod -R 0775 /srv/samba/anonymous # chown -R nobody:nobody /srv/samba/anonymous
Paapaa, o nilo lati yi ipo ọrọ aabo SELinux pada fun itọsọna ti o pin samba bi atẹle.
# chcon -t samba_share_t /srv/samba/anonymous
6. Itele, ṣii faili iṣeto samba fun ṣiṣatunkọ, nibi ti o ti le yipada/ṣafikun awọn apakan ni isalẹ pẹlu awọn itọsọna to baamu.
# vi /etc/samba/smb.conf
[global] workgroup = WORKGROUP netbios name = centos security = user [Anonymous] comment = Anonymous File Server Share path = /srv/samba/anonymous browsable =yes writable = yes guest ok = yes read only = no force user = nobody
7. Bayi ṣayẹwo awọn eto samba lọwọlọwọ nipa ṣiṣe pipaṣẹ ni isalẹ.
# testparm
Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[print$]" Processing section "[Anonymous]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] netbios name = centos printcap name = cups security = USER idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories browseable = No inherit acls = Yes read only = No valid users = %S %D%w%S [printers] comment = All Printers path = /var/tmp browseable = No printable = Yes create mask = 0600 [print$] comment = Printer Drivers path = /var/lib/samba/drivers create mask = 0664 directory mask = 0775 write list = root [Anonymous] comment = Anonymous File Server Share path = /srv/samba/anonymous force user = nobody guest ok = Yes read only = No
8. Lakotan, bẹrẹ ati mu awọn iṣẹ samba ṣiṣẹ lati bẹrẹ laifọwọyi ni bata atẹle ki o tun lo awọn ayipada ti o wa loke lati ni ipa.
# systemctl enable smb.service # systemctl enable nmb.service # systemctl start smb.service # systemctl start nmb.service
9. Bayi lori ẹrọ Windows, ṣii\"Nẹtiwọọki" lati window Windows Explorer, lẹhinna tẹ lori ile-iṣẹ CentOS, tabi ohun miiran gbiyanju lati wọle si olupin nipa lilo adiresi IP rẹ (lo aṣẹ ifconfig lati gba adiresi IP).
e.g. \2.168.43.168.
10. Nigbamii, ṣii itọsọna Anonymous ki o gbiyanju lati ṣafikun awọn faili ni nibẹ lati pin pẹlu awọn olumulo miiran.
Ṣeto Samba4 Pinpin Faili Ni aabo
11. Ibẹrẹ akọkọ nipa ṣiṣẹda ẹgbẹ eto samba kan, lẹhinna ṣafikun awọn olumulo si ẹgbẹ ki o ṣeto ọrọ igbaniwọle fun olumulo kọọkan bii bẹẹ.
# groupadd smbgrp # usermod tecmint -aG smbgrp # smbpasswd -a tecmint
12. Lẹhinna ṣẹda itọsọna ti o ni aabo nibiti awọn faili ti o pin yoo wa ni fipamọ ati ṣeto awọn igbanilaaye ti o yẹ lori itọsọna pẹlu ipo aabo SELinux fun samba.
# mkdir -p /srv/samba/secure # chmod -R 0770 /srv/samba/secure # chown -R root:smbgrp /srv/samba/secure # chcon -t samba_share_t /srv/samba/secure
13. Nigbamii ṣii faili iṣeto fun ṣiṣatunkọ ati yipada/ṣafikun apakan ni isalẹ pẹlu awọn itọsọna to baamu.
# vi /etc/samba/smb.conf
[Secure] comment = Secure File Server Share path = /srv/samba/secure valid users = @smbgrp guest ok = no writable = yes browsable = yes
14. Lẹẹkansi, ṣayẹwo awọn eto iṣeto samba nipa ṣiṣe pipaṣẹ wọnyi.
$ testparm
Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[print$]" Processing section "[Anonymous]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] netbios name = centos printcap name = cups security = USER idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories browseable = No inherit acls = Yes read only = No valid users = %S %D%w%S [printers] comment = All Printers path = /var/tmp browseable = No printable = Yes create mask = 0600 [print$] comment = Printer Drivers path = /var/lib/samba/drivers create mask = 0664 directory mask = 0775 write list = root [Anonymous] comment = Anonymous File Server Share path = /srv/samba/anonymous force user = nobody guest ok = Yes read only = No [Secure] comment = Secure File Server Share path = /srv/samba/secure read only = No valid users = @smbgrp
15. Tun awọn iṣẹ Samba tun bẹrẹ lati lo awọn ayipada naa.
# systemctl restart smb.service # systemctl restart nmb.service
16. Lọ si ẹrọ Windows, ṣii\"Nẹtiwọọki" lati window Windows Explorer, lẹhinna tẹ lori ile-iṣẹ CentOS, tabi bẹẹkọ gbiyanju lati wọle si olupin nipa lilo adirẹsi IP rẹ.
e.g. \2.168.43.168.
A yoo beere lọwọ rẹ lati pese orukọ olumulo ati ọrọ igbaniwọle rẹ lati buwolu wọle ni olupin CentOS. Lọgan ti o ba ti tẹ awọn iwe-ẹri sii, tẹ O DARA.
17. Lọgan ti o ba buwolu wọle ni aṣeyọri, iwọ yoo wo gbogbo awọn ilana itọsọna ti samba. Bayi ni aabo pin diẹ ninu awọn faili pẹlu awọn olumulo miiran ti a gba laaye lori nẹtiwọọki nipa sisọ wọn silẹ ni itọsọna Secure.
O tun le ṣayẹwo awọn nkan ti o wulo wọnyi nipa pinpin faili Samba lori nẹtiwọọki kan.
- Bii a ṣe le Oke/Unmount Agbegbe ati Nẹtiwọọki (Samba & NFS) Awọn ilana Awọn faili ni Linux
- Lilo ACLs (Awọn atokọ Iṣakoso Wiwọle) ati Samba iṣagbega/NFS Awọn mọlẹbi Bii a ṣe le ṣatunṣe Ailera SambaCry (CVE-2017-7494) ninu Awọn ọna Linux
Ninu itọsọna yii, a fihan ọ bi o ṣe le ṣeto Samba4 fun ailorukọ ati pinpin faili to ni aabo laarin CentOS ati awọn eto Lainos miiran bii awọn ẹrọ Windows. Pin eyikeyi awọn ero pẹlu wa nipasẹ apakan asọye ni isalẹ.