Jinsi ya Kufunga Samba kwenye Ubuntu kwa Kushiriki Faili kwenye Windows
Samba ni chanzo huria/wazi na programu inayotumika sana kwa kushiriki faili na huduma za kuchapisha kati ya mifumo inayofanana na Unix ikijumuisha wapangishi wa Linux na Windows kwenye mtandao mmoja.
Katika mwongozo huu, tutaonyesha jinsi ya kusanidi Samba4 kwa ugavi wa faili msingi kati ya mifumo ya Ubuntu na mashine za Windows. Tutashughulikia hali mbili zinazowezekana: bila jina (isiyo salama) na kushiriki faili salama.
Kumbuka kuwa kuanzia toleo la 4.0, Samba inaweza kutumika kama kidhibiti cha kikoa cha Saraka Inayotumika (AD) (DC). Tumepanga mfululizo maalum wa kusanidi Kidhibiti cha Kikoa cha Samba4 Active Directory, ambacho kinajumuisha mada muhimu chini ya Ubuntu, CentOS, na Windows.
- Kuweka Kidhibiti Kikoa cha Saraka Amilifu cha Samba4
Sakinisha na Usanidi Samba katika Ubuntu
Seva ya Samba inapatikana kusakinishwa kutoka kwa hazina chaguo-msingi za Ubuntu kwa kutumia zana ya kidhibiti cha kifurushi kama inavyoonyeshwa.
$ sudo apt install samba samba-common python-dnspython
Mara baada ya seva ya samba kusakinishwa, sasa ni wakati wake wa kusanidi seva ya samba kama: kutokujulikana na kushiriki faili kwa usalama.
Kwa hili, tunahitaji kuhariri faili kuu ya usanidi wa Samba /etc/samba/smb.conf (ambayo inaelezea maelekezo mbalimbali ya usanidi).
Kwanza chelezo faili asili ya usanidi wa samba kama ifuatavyo.
$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
Baadaye, tutaendelea kusanidi samba kwa huduma zisizojulikana na salama za kushiriki faili kama ilivyoelezwa hapa chini.
Muhimu: Kabla ya kusonga mbele zaidi, hakikisha kuwa mashine ya Windows iko kwenye kikundi cha kazi ambacho kitasanidiwa kwenye seva ya Ubuntu.
Ingia kwenye mashine yako ya Windows, bofya kulia kwenye \Kompyuta hii au \Kompyuta yangu → Sifa → Mipangilio ya Mfumo wa Juu → Jina la Kompyuta ili kuthibitisha kikundi cha kazi.
Vinginevyo, fungua kidokezo cha amri na uitazame kwa kutekeleza amri iliyo hapa chini na utafute \kikoa cha kituo cha kazi.
>net config workstation
Mara tu unapojua kikundi chako cha kazi cha Windows wakati wake wa kusonga mbele na kusanidi seva ya samba kwa kushiriki faili.
Kushiriki Faili za Samba Kusikojulikana
Kwanza anza kwa kuunda saraka ya samba iliyoshirikiwa ambapo faili zitahifadhiwa.
$ sudo mkdir -p /srv/samba/anonymous_shares
Kisha weka ruhusa zinazofaa kwenye saraka.
$ sudo chmod -R 0775 /srv/samba/anonymous_shares $ sudo chown -R nobody:nogroup /srv/samba/anonymous_shares
Sasa fungua faili ya usanidi.
$ sudo vi /etc/samba/smb.conf OR $ sudo nano /etc/samba/smb.conf
Ifuatayo hariri au rekebisha mipangilio ya maagizo kama ilivyoelezwa hapa chini.
global] workgroup = WORKGROUP netbios name = ubuntu security = user [Anonymous] comment = Anonymous File Server Share path = /srv/samba/anonymous_shares browsable =yes writable = yes guest ok = yes read only = no force user = nobody
Sasa thibitisha mipangilio ya sasa ya samba kwa kuendesha amri hapa chini.
$ testparm
Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The "syslog" option is deprecated Processing section "[printers]" Processing section "[print$]" Processing section "[Shares]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] netbios name = UBUNTU server string = %h server (Samba, Ubuntu) server role = standalone server map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = No [Anonymous] comment = Anonymous File Server Share path = /srv/samba/anonymous_shares force user = nobody read only = No guest ok = Yes
Kisha anzisha upya huduma za Samba ili kutekeleza mabadiliko yaliyo hapo juu.
$ sudo systemctl restart smbd [Systemd] $ sudo service smbd restart [Sys V]
Nenda kwenye mashine ya Windows, na ufungue \Mtandao kutoka kwa dirisha la Windows Explorer.Bofya kwenye seva pangishi ya Ubuntu (TECMINT kwa upande wetu), au sivyo jaribu kufikia seva ya samba kwa kutumia anwani yake ya IP.
\2.168.43.168
Kumbuka: Tumia amri ya ifconfig kupata anwani yako ya IP ya seva ya Ubuntu.
Kisha fungua saraka ya Asiyejulikana na ujaribu kuongeza faili hapo ili kushiriki na watumiaji wengine.
Salama Kushiriki Faili ya Samba
Ili nenosiri-kulinda kushiriki samba, unahitaji kuunda kikundi smbgrp na kuweka nenosiri kwa kila mtumiaji. Katika mfano huu mimi hutumia aaronkilik kama mtumiaji na nenosiri kama tecmint.
$ sudo addgroup smbgrp $ sudo usermod aaronkilik -aG smbgrp $ sudo smbpasswd -a aaronkilik
Kumbuka: Hali ya usalama ya samba: usalama = mtumiaji inahitaji mteja kuingiza jina la mtumiaji na nenosiri ili kuunganisha kwa hisa.
Akaunti za watumiaji wa Samba ni tofauti na akaunti za mfumo, hata hivyo, unaweza kusakinisha kwa hiari kifurushi cha libpam-winbind ambacho kinatumika kusawazisha watumiaji wa mfumo na manenosiri na hifadhidata ya mtumiaji wa samba.
$ sudo apt install libpam-winbind
Kisha unda saraka salama ambapo faili zilizoshirikiwa zitawekwa.
$ sudo mkdir -p /srv/samba/secure_shares
Ifuatayo, weka ruhusa zinazofaa kwenye saraka.
$ sudo chmod -R 0770 /srv/samba/secure_shares $ sudo chown -R root:smbgrp /srv/samba/secure_shares
Sasa fungua faili ya usanidi.
$ sudo vi /etc/samba/smb.conf OR $ sudo nano /etc/samba/smb.conf
Ifuatayo hariri au rekebisha mipangilio ya maagizo kama ilivyoelezwa hapa chini.
[Secure] comment = Secure File Server Share path = /srv/samba/secure_shares valid users = @smbgrp guest ok = no writable = yes browsable = yes
Kama hapo awali, endesha amri hii ili kuona mipangilio yako ya sasa ya samba.
$ testparm
Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The "syslog" option is deprecated Processing section "[printers]" Processing section "[print$]" Processing section "[Shares]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] netbios name = UBUNTU server string = %h server (Samba, Ubuntu) server role = standalone server map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = No [Anonymous] comment = Anonymous File Server Share path = /srv/samba/anonymous_shares force user = nobody read only = No guest ok = Yes [Secure] comment = Secure File Server Share path = /srv/samba/secure_shares valid users = @smbgrp read only = No
Mara tu unapomaliza usanidi ulio hapo juu, anzisha tena huduma za Samba ili kutekeleza mabadiliko.
$ sudo systemctl restart smbd [Systemd] $ sudo service smbd restart [Sys V]
Kama hapo awali, kwenye mashine ya Windows, na ufungue \Mtandao kutoka kwa dirisha la Windows Explorer.Bofya kwenye seva pangishi ya Ubuntu (TECMINT kwa ajili yetu).Unaweza kupata hitilafu hapa chini, usipoendelea na hatua inayofuata.
Jaribu kufikia seva kwa kutumia anwani yake ya IP, k.m. \\192.168.43.168 kama hii. Kisha ingiza sifa (jina la mtumiaji na nenosiri) kwa mtumiaji aaronkilik na ubofye OK.
Sasa utaangalia saraka zote zilizoshirikiwa, bofya Salama ili kuifungua.
Unaweza kushiriki baadhi ya faili kwa usalama na watumiaji wengine wanaoruhusiwa kwenye mtandao kwa kuzidondosha kwenye saraka hii.
Washa Samba katika UFW Firewall katika Ubuntu
Ikiwa una ngome ya UFW iliyowezeshwa/inatumika kwenye mfumo wako, lazima uongeze sheria ili kuruhusu Samba kupita kwenye ngome yako.
Ili kujaribu hili, tumetumia mpango wa mtandao wa 192.168.43.0. Tekeleza amri zilizo hapa chini ukibainisha anwani ya mtandao wako.
$ sudo ufw allow proto udp to any port 137 from 192.168.43.0/24 $ sudo ufw allow proto udp to any port 138 from 192.168.43.0/24 $ sudo ufw allow proto tcp to any port 139 from 192.168.43.0/24 $ sudo ufw allow proto tcp to any port 445 from 192.168.43.0/24
Unaweza pia kuangalia nakala hizi muhimu kuhusu kushiriki faili ya Samba kwenye mtandao.
- Kuweka Kidhibiti cha Kikoa cha Samba4 Active Directory- Sehemu ya 1 hadi 14
- Jinsi ya Kuweka/Kushusha Mifumo ya Faili ya Ndani na Mtandao (Samba & NFS) katika Linux
- Kutumia ACL (Orodha za Udhibiti wa Ufikiaji) na Kuweka Hisa za Samba/NFS
- Jinsi ya Kurekebisha Athari za SambaCry (CVE-2017-7494) katika Mifumo ya Linux
Ni hayo tu! Katika mwongozo huu, tulikuonyesha jinsi ya kusanidi Samba4 kwa kushiriki faili bila kujulikana na salama kati ya mashine za Ubuntu na Windows. Tumia fomu ya maoni iliyo hapa chini kushiriki mawazo yoyote nasi.