സാംബ സജ്ജീകരണം

N
നെറ്റൂസ്
സെപ്റ്റംബർ 26, 2019

There may not be a single office where the shared resources of the local network, such as folders and printers, are not utilised. Large and medium-sized businesses use Active Directory's capabilities, whereas smaller businesses use Windows or Samba's conventional tools, but on Linux servers. Let us consider all possibilities.

What is Samba?

Samba is a server application that uses the SMB/CIFS protocol to give client terminals access to folders, printers, and disks.

Setting up shared folders

ലിനക്സ്

Installing and configuring the Samba server for Ubuntu is carried out in the following steps.

Update information about repositories and install updates for existing packages in the system:

apt-get update && apt-get update

Install the Samba package:

apt-get install -y samba samba-client

Let's create a backup copy of the configuration file:

cp /etc/samba/smb.conf /etc/samba/smb.conf_sample

Let's create directories for files, for example in the /media directory:

mkdir /media/samba

പ്രധാനപ്പെട്ടത്! By default, the /media directory is located at the system root / and rarely has its own partition. For this reason, it is possible for the root partition to overflow. To avoid this unpleasant situation, we recommend mounting a separate hard disk in /media/samba.

Create a directory for all users:

mkdir /media/samba/public

Change directory permissions:

chmod -R 0755 /media/samba/public

You should also use the chown command to change the owner and/or group.

Create a directory for a limited circle of people:

mkdir /media/samba/private

Let's create a user group using the system tools:

groupadd smbgrp

Adding Samba Users:

userradd ഉപയോക്താവ് 1

We add the created users to the group:

usermod -aG smbgrp user1

Change the group that owns the private directory:

chgrp smbgrp /media/samba/private

Using the Samba tools, create a password for the added user:

smbpasswd -a user1

Using a text editor, such as nano, edit the samba configuration file:

nano /etc/samba/smb.conf

Delete all lines from the file. Insert the following:

[ആഗോള]

workgroup = WORKGROUP

സുരക്ഷ = ഉപയോക്താവ്

അതിഥിയിലേക്കുള്ള മാപ്പ് = മോശം ഉപയോക്താവ്

wins support = no

dns പ്രോക്സി = ഇല്ല

 

[public]

path = /media/samba/public

അതിഥി ശരി = അതെ

force user = nobody

browsable = അതെ

എഴുതാവുന്ന = അതെ

 

[സ്വകാര്യ]

path = /media/samba/private

valid users = @smbgrp

അതിഥി ശരി = ഇല്ല

browsable = അതെ

എഴുതാവുന്ന = അതെ

Save using Ctrl + X , then press Y and Enter.

Let's explain the meaning of the lines. The configuration file consists of three sections:

ഗ്ലോബൽ - this section is responsible for the general settings of the Samba server;

പൊതു ഒപ്പം സ്വകാര്യ - sections describing settings for shared directories.

There are five parameters in the ഗ്ലോബൽ section :

  • വർക്ക് ഗ്രൂപ്പ് - working group. To simplify the user experience, WORKGROUP is specified as the default group. If your network has changed the workgroup name, then you should change this value for Samba as well;
  • സുരക്ഷ - server security level. The user value means authorization by a login/password pair;
  • അതിഥിയിലേക്ക് മാപ്പ് ചെയ്യുക - parameter determines how requests are processed. The value bad user means that requests with an incorrect password will be rejected even if such a username exists;
  • wins support - enable or disable WINS support;
  • dns proxy - the ability to proxy requests to DNS.

Directory settings are performed in the corresponding sections:

പാത - full path to the directory on the hard drive;

അതിഥി ശരി - the ability to access the directory without a password (guest);

browsable - whether to show a directory (“ball”) on the server, among others. If the parameter is set to “no”, then access will be possible by the full path, for example ip-addresshidden_directory;

force user - the user from which the directory is being processed. To improve the security of the server, nobody is usually used. The main thing is not to use the root user - it's not safe.

എഴുതാൻ കഴിയുന്ന - setting the value to "yes" allows the user to perform actions on files inside the directory - renaming, adding, deleting, moving to a subdirectory and copying;

സാധുവായ ഉപയോക്താക്കൾ - list of users who have access to the directory. If there are several users, their names are separated by commas. If access is required for users belonging to a group, the group name is preceded by the symbol ”at” @ (“dog”).

പ്രധാനപ്പെട്ടത്! The name of the shared directory displayed to users is equal to the name of the section in which it is described.

Check the settings with the command:

testparm -s

Restarting the server:

service smbd restart

service nmbd restart

Set up a firewall. To do this, in the rules we will open TCP ports 139 and 445, as well as UDP ports 137 and 138, but only for those subnets that you trust. To specify your own range of addresses, replace the value after the “-s” key:

iptables -A INPUT -p tcp -m tcp --dport 445 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 139 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 137 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 138 -s 10.0.0.0/24 -j ACCEPT

To save the rules and apply them after a server reboot, use the iptables-persistent package. Let's install it:

apt-get install iptables-persistent

When installing the package, the program will prompt you to remember the existing iptables rules. We confirm this action.

To check existing rules, we use:

iptables -L

വിൻഡോസ്

By analogy with Linux, let's set up shared access to public and private folders, but in Windows OS.

To create a shared directory without password protection, you need to configure security restrictions in the control panel. To do this, open:

Control Panel → Network → Network and Sharing Center → Advanced sharing settings.

In the updated window, open the “All networks” section and look for the “Sharing with password protection” section. Set the option to "Disable password protected sharing". To save the parameter values, click on the “ മാറ്റങ്ങൾ സംരക്ഷിക്കുക "ബട്ടൺ.

Now let's open access to the directory itself. Right-click on the folder and select "Properties" from the context menu. Open the "Access" tab and click on "Advanced settings".

In the advanced sharing settings window that opens, check the box “Share this folder”, in the “Share name” field, specify the name that will be displayed to users. Click on the "Permissions" button.

In the window that opens, in the user groups, select “Everyone”, and in the permissions for the group, check the “Full control” checkbox. Click “OK” in this and other windows.

In the properties window of the public folder, click on the “Sharing” button.

In the window that opens, add the user “Everyone”, and also delegate the rights to “Read and write”. Click on the "Share" button.

In the updated window, click "Finish".

Let's set up a shared folder, but for a limited circle of people.

Right-click on the folder, select " പ്രോപ്പർട്ടീസ് ".

In the window that opens, go to the " പ്രവേശനം " ടാബ്. ക്ലിക്ക് ചെയ്യുക " വിപുലമായ ക്രമീകരണങ്ങൾ "ബട്ടൺ.

In the new window that opens, check the box " Share this folder ". Then click on the " അനുമതികൾ "ബട്ടൺ.

In the window that opens, in the “ Groups or users ” field, select “ എല്ലാം "ക്ലിക്ക് ചെയ്ത്" ഇല്ലാതാക്കുക "ബട്ടൺ.

Thus, a ban on anonymous access to the folder is set.

The window will update. ഇവിടെ ക്ലിക്ക് ചെയ്യുക " ചേർക്കുക "ബട്ടൺ.

In the window that opens, click on the " അധികമായ "ബട്ടൺ.

The window will change in size. ക്ലിക്ക് ചെയ്യുക " തിരയൽ "ബട്ടൺ. Double-click to select the user who needs access to this directory, for example, buhgalter.

In the window that opens, if desired, we can add another user through “ അധികമായ ” - “ തിരയൽ ". Similarly, you can add a user group, for example, “ കാര്യനിർവാഹകർ ”, while it should be understood that access will be granted to all users from this group.

Set permissions for the user “buhgalter”. If full access to the directory is required, check the box in the appropriate place.

By pressing the “ OK ” buttons, we return to the folder properties window, in which we click on the “ പങ്കിടുന്നു ”ബട്ടൺ.

In this window, you need to find and add the accountant user.

In the window for selecting users and groups, click on the " വിപുലമായ "ബട്ടൺ.

The window will resize itself again. ക്ലിക്ക് ചെയ്യുക " തിരയൽ "ബട്ടൺ. In the list of users and groups found below, select the user you are looking for. Select it by double clicking.

In the remaining window, check if the users are specified correctly and click the “ OK "ബട്ടൺ.

Set the required permission level for the user and click on the “ പങ്കിടുക "ബട്ടൺ.

We click on the “ ചെയ്തുകഴിഞ്ഞു "ബട്ടൺ.

Connecting to shared folders

From Linux

To connect to shared folders from a Linux environment, you need to install a separate software - smbclient. ഇൻസ്റ്റാൾ ചെയ്യുക:

sudo apt-get install smbclient

The following command format is used to connect to the server:

smbclient -U <Имя_пользователя> <IP-адрес><Имя_каталога_на_сервере>

ഉദാഹരണം:

smbclient -U buhgalter 10.0.0.1public

In order not to enter this command every time, you can configure mounting the shared directory as a network drive. To do this, install the cifs-utils package:

sudo apt-get install cifs-utils

Mounting is performed according to the following pattern:

mount -t cifs -o username=<Имя_пользователя>,password= //<IP-адрес>/<Общий каталог> <Точка монтирования>

ഉദാഹരണം:

mount -t cifs -o username=Everyone,password= //10.0.0.1/public /media

പ്രധാനപ്പെട്ടത്! If you need to connect to shared folders located on a Windows server, then for non-password protected directories, you should use “Everyone” as the username. To connect to a Linux server, we recommend using "nobody" as the username. In the case of access to protected directories, you should use the credentials that you specified.

വിൻഡോസിൽ നിന്ന്

Connecting to remote folders from a Windows environment is a little different. To do this, in Explorer or the program launch window (Windows + R), you should use the following template:

<IP-адрес><имя_папки>

By simply specifying the server's IP address, you will get a list of shared folders.

When connecting to a Windows server, the security system may require you to enter credentials. To connect to a shared open folder, use Everyone, and leave the password field blank.

When connecting to a Linux server from Windows OS, you should use the previously specified template:

<IP-адрес><имя_папки>

or just the server address:

<IP-адрес>

നിങ്ങളുടെ ക്ലൗഡ് യാത്ര ആരംഭിക്കണോ? ഇപ്പോൾ തന്നെ ആദ്യപടി സ്വീകരിക്കുക.