Otu esi etinye Samba4 na CentOS 7 maka ịkekọrịta faịlụ na Windows

N'edemede ikpeazụ anyị, anyị gosiri otu esi etinye Samba4 na Ubuntu maka nkesa faịlụ bụ isi n'etiti sistemụ Ubuntu na igwe Windows. Ebe anyị lere anya ịhazi ahaghị aha (enweghị nchebe) yana nkesa faịlụ echekwara.

N'ebe a, anyị ga-akọwa otu esi etinye na hazie Samba4 na CentOS 7 (na-arụkwa ọrụ na RHEL 7) maka nkesa faịlụ bụ isi n'etiti sistemụ Linux ndị ọzọ na igwe Windows.

Ihe dị mkpa: Malite na ụdị 4.0, Samba nwere ike ịgba ọsọ dị ka Samba4 Active Directory Domain Controller, nke gụnyere isiokwu dị egwu maka Ubuntu, CentOS, na Windows.

Wụnye Samba4 na CentOS 7

1. Buru ụzọ tinye Samba4 na ngwugwu achọrọ site na ebe nchekwa CentOS ndabara site na iji ngwa njikwa ngwugwu yum dị ka egosiri.

# yum install samba samba-client samba-common

2. Mgbe ị wụnye ngwugwu samba, mee ka ọrụ samba kwenye site na firewall system na iwu ndị a.

# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

Lelee ntọala otu Windows Machine Work

3. Tupu ị gaa n'ihu ịhazi samba, jide n'aka na igwe Windows dị n'otu otu ọrụ a ga-ahazi na sava CentOS.

Enwere ụzọ abụọ enwere ike ịlele ntọala igwe ọrụ Windows:

  • Pụnye aka nri na PC a ma ọ bụ kọmpụta m → Njirimara → Ntọala sistemụ dị elu → Aha Kọmputa.

  • N'aka nke ọzọ, mepee cmd ozugbo wee mee iwu na-esonụ, wee chọọ ngalaba ọrụ ngalaba ọrụ na mmepụta dị ka egosiri n'okpuru.

>net config workstation

Na-ahazi Samba4 na CentOS 7

4. Isi faịlụ nhazi samba bụ /etc/samba/smb.conf, faịlụ mbụ na-abịa na nhazi nhazi nhazi nke na-akọwa ntụziaka nhazi dị iche iche iji duzie gị.

Mana, tupu ịhazi samba, ana m atụ aro ka ị were ndabere nke faịlụ ndabara dị ka nke a.

# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

Mgbe ahụ, gaba n'ihu hazie samba maka ọrụ nkesa faịlụ na-amaghị aha yana echekwara dị ka akọwara n'okpuru.

5. Mbụ mepụta ndekọ nkekọrịta ebe a ga-echekwa faịlụ na ihe nkesa ma debe ikike kwesịrị ekwesị na ndekọ.

# mkdir -p /srv/samba/anonymous
# chmod -R 0775 /srv/samba/anonymous
# chown -R nobody:nobody /srv/samba/anonymous

Ọzọkwa, ịkwesịrị ịgbanwe ọnọdụ nchekwa SELinux maka ndekọ ndekọ nke samba dị ka ndị a.

# chcon -t samba_share_t /srv/samba/anonymous

6. Ọzọ, mepee faịlụ nhazi samba maka edezi, ebe ị nwere ike gbanwee/gbakwunye akụkụ ndị dị n'okpuru na ntụziaka kwekọrọ.

# vi /etc/samba/smb.conf

[global]
	workgroup = WORKGROUP
	netbios name = centos
	security = user
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	browsable =yes
	writable = yes
	guest ok = yes
	read only = no
	force user = nobody

7. Ugbu a nyochaa samba ntọala ugbu a site na-agba ọsọ iwu n'okpuru.

# testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No

8. N'ikpeazụ, malite ma mee ka ọrụ samba malite na-akpaghị aka na akpụkpọ ụkwụ ọzọ ma tinyekwa mgbanwe ndị dị n'elu iji mee ihe.

# systemctl enable smb.service
# systemctl enable nmb.service
# systemctl start smb.service
# systemctl start nmb.service

9. Ugbu a na igwe Windows, mepee \Network site na windo Windows Explorer, wee pịa CentOS host, ma ọ bụ ọzọ gbalịa ịnweta ihe nkesa site na iji adreesị IP ya (jiri ifconfig iwu iji nweta adreesị IP).

e.g. \2.168.43.168.

10. Ọzọ, mepee ndekọ aha Anonymous ma gbalịa ịgbakwunye faịlụ n'ebe ahụ iji kesaa ndị ọrụ ndị ọzọ.

Tọọ Samba4 Ịkekọrịta faịlụ echekwara

11. Buru ụzọ malite site n'ịmepụta otu samba sistemu, wee tinye ndị ọrụ n'ime otu ma debe paswọọdụ maka onye ọrụ ọ bụla dị ka ya.

# groupadd smbgrp
# usermod tecmint -aG smbgrp
# smbpasswd -a tecmint

12. Mgbe ahụ, mepụta ndekọ nchekwa nchekwa ebe a ga-edobe faịlụ ndị a na-ekekọrịta ma debe ikike kwesịrị ekwesị na ndekọ na SELinux nchekwa nchekwa maka samba.

# mkdir -p /srv/samba/secure
# chmod -R 0770 /srv/samba/secure
# chown -R root:smbgrp /srv/samba/secure
# chcon -t samba_share_t /srv/samba/secure

13. Ọzọ mepee faịlụ nhazi maka edezi ma gbanwee/gbakwunye ngalaba dị n'okpuru na ntụziaka kwekọrọ.

# vi /etc/samba/smb.conf

[Secure]
	comment = Secure File Server Share
	path =  /srv/samba/secure
	valid users = @smbgrp
	guest ok = no
	writable = yes
	browsable = yes

14. Ọzọ, nyochaa ntọala nhazi samba site na ịme iwu na-esonụ.

$ testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No
[Secure]
	comment = Secure File Server Share
	path = /srv/samba/secure
	read only = No
	valid users = @smbgrp

15. Malitegharịa ọrụ Samba ka itinye mgbanwe ahụ.

# systemctl restart smb.service
# systemctl restart nmb.service

16. Gaa na igwe Windows, mepee \Network na mpio Windows Explorer, wee pịa CentOS host, ma ọ bụ ihe ọzọ gbalịa iji adreesị IP ya nweta ihe nkesa ahụ.

e.g. \2.168.43.168.

A ga-ajụ gị ka ịnye aha njirimara na paswọọdụ gị iji banye sava CentOS. Ozugbo i debanyere nzere, pịa OK.

17. Ozugbo ị na-aga nke ọma nbanye, ị ga-ahụ niile samba òkè directories. Ugbu a kesaa ụfọdụ faịlụ n'etiti ndị ọrụ ndị ọzọ anabatara na netwọk site na idobe ha na ndekọ nchekwa nchekwa.

Ị nwekwara ike lelee akụkọ ndị a bara uru gbasara ikesa faịlụ Samba na netwọk.

  1. Etu esi ewulite/iwepụ sistemụ faịlụ mpaghara na netwọkụ (Samba & NFS) na Linux
  2. Iji ACLs (Nchịkọta Nnweta) yana Mịkwasa Samba/NFS
  3. Etu esi edozi nsogbu SambaCry (CVE-2017-7494) na Sistemụ Linux

N'ime ntuziaka a, anyị gosiri gị otu esi edozi Samba4 maka nkesa faịlụ amaghị aha yana echekwara n'etiti CentOS na sistemụ Linux ndị ọzọ yana igwe Windows. Gwa anyị echiche ọ bụla site na ngalaba nkọwa n'okpuru.