Jinsi ya Kufunga Samba4 kwenye CentOS 7 kwa Kushiriki Faili kwenye Windows

Katika makala yetu ya mwisho, tulionyesha jinsi ya kusakinisha Samba4 kwenye Ubuntu kwa kushiriki faili za kimsingi kati ya mifumo ya Ubuntu na mashine za Windows. Ambapo tuliangalia kusanidi watu wasiojulikana (bila usalama) na vile vile kushiriki faili salama.

Hapa, tutaelezea jinsi ya kusakinisha na kusanidi Samba4 kwenye CentOS 7 (pia inafanya kazi kwenye RHEL 7) kwa kushiriki faili msingi kati ya mifumo mingine ya Linux na mashine za Windows.

Muhimu: Kuanzia toleo la 4.0, Samba inaweza kufanya kazi kama Kidhibiti cha Kikoa cha Samba4 Active Directory, ambacho kinajumuisha mada muhimu kwa Ubuntu, CentOS, na Windows.

Sakinisha Samba4 kwenye CentOS 7

1. Kwanza sakinisha Samba4 na vifurushi vinavyohitajika kutoka kwa hazina chaguomsingi za CentOS kwa kutumia zana ya kidhibiti kifurushi cha yum kama inavyoonyeshwa.

# yum install samba samba-client samba-common

2. Baada ya kufunga vifurushi vya samba, wezesha huduma za samba kuruhusiwa kupitia firewall ya mfumo na amri hizi.

# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

Angalia Mipangilio ya Kikundi cha Kazi cha Mashine ya Windows

3. Kabla ya kuendelea kusanidi samba, hakikisha kuwa mashine ya Windows iko kwenye kikundi kazi sawa cha kusanidiwa kwenye seva ya CentOS.

Kuna njia mbili zinazowezekana za kutazama mipangilio ya kikundi cha kazi cha mashine ya Windows:

  • Kubofya kulia kwenye \Kompyuta hii au \Kompyuta yangu → Sifa → Mipangilio ya kina ya mfumo → Jina la Kompyuta.

  • Vinginevyo, fungua kidokezo cha cmd na utekeleze amri ifuatayo, kisha utafute \kikoa cha kituo cha kazi katika towe kama inavyoonyeshwa hapa chini.

>net config workstation

Inasanidi Samba4 kwenye CentOS 7

4. Faili kuu ya usanidi wa samba ni /etc/samba/smb.conf, faili asili huja na mipangilio ya usanidi wa awali ambayo inaelezea maagizo mbalimbali ya usanidi ili kukuongoza.

Lakini, kabla ya kusanidi samba, ninapendekeza uchukue nakala rudufu ya faili chaguo-msingi kama hii.

# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

Kisha, endelea kusanidi samba kwa huduma zisizojulikana na salama za kushiriki faili kama ilivyoelezwa hapa chini.

5. Kwanza unda saraka iliyoshirikiwa ambapo faili zitahifadhiwa kwenye seva na kuweka ruhusa zinazofaa kwenye saraka.

# mkdir -p /srv/samba/anonymous
# chmod -R 0775 /srv/samba/anonymous
# chown -R nobody:nobody /srv/samba/anonymous

Pia, unahitaji kubadilisha muktadha wa usalama wa SELinux kwa saraka iliyoshirikiwa ya samba kama ifuatavyo.

# chcon -t samba_share_t /srv/samba/anonymous

6. Kisha, fungua faili ya usanidi wa samba kwa uhariri, ambapo unaweza kurekebisha/kuongeza sehemu hapa chini na maagizo yanayofanana.

# vi /etc/samba/smb.conf

[global]
	workgroup = WORKGROUP
	netbios name = centos
	security = user
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	browsable =yes
	writable = yes
	guest ok = yes
	read only = no
	force user = nobody

7. Sasa thibitisha mipangilio ya sasa ya samba kwa kuendesha amri hapa chini.

# testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No

8. Hatimaye, anza na uwashe huduma za samba kuanza kiotomatiki kwenye buti inayofuata na pia tumia mabadiliko yaliyo hapo juu ili kutekelezwa.

# systemctl enable smb.service
# systemctl enable nmb.service
# systemctl start smb.service
# systemctl start nmb.service

9. Sasa kwenye mashine ya Windows, fungua \Mtandao kutoka kwa dirisha la Windows Explorer, kisha ubofye kwenye seva pangishi ya CentOS, au sivyo jaribu kufikia seva kwa kutumia anwani yake ya IP (tumia ifconfig amri kupata anwani ya IP).

e.g. \2.168.43.168.

10. Kisha, fungua saraka ya Wasiojulikana na ujaribu kuongeza faili huko ili kushiriki na watumiaji wengine.

Sanidi Ushiriki Salama wa Faili ya Samba4

11. Kwanza anza kwa kuunda kikundi cha mfumo wa samba, kisha ongeza watumiaji kwenye kikundi na uweke nenosiri kwa kila mtumiaji kama hivyo.

# groupadd smbgrp
# usermod tecmint -aG smbgrp
# smbpasswd -a tecmint

12. Kisha unda saraka salama ambapo faili zilizoshirikiwa zitawekwa na kuweka ruhusa zinazofaa kwenye saraka na muktadha wa usalama wa SELinux kwa samba.

# mkdir -p /srv/samba/secure
# chmod -R 0770 /srv/samba/secure
# chown -R root:smbgrp /srv/samba/secure
# chcon -t samba_share_t /srv/samba/secure

13. Kisha fungua faili ya usanidi kwa ajili ya kuhariri na kurekebisha/kuongeza sehemu iliyo hapa chini na maagizo yanayolingana.

# vi /etc/samba/smb.conf

[Secure]
	comment = Secure File Server Share
	path =  /srv/samba/secure
	valid users = @smbgrp
	guest ok = no
	writable = yes
	browsable = yes

14. Tena, thibitisha mipangilio ya usanidi wa samba kwa kuendesha amri ifuatayo.

$ testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No
[Secure]
	comment = Secure File Server Share
	path = /srv/samba/secure
	read only = No
	valid users = @smbgrp

15. Anzisha upya huduma za Samba ili kutumia mabadiliko.

# systemctl restart smb.service
# systemctl restart nmb.service

16. Nenda kwenye mashine ya Windows, fungua \Mtandao kutoka kwa dirisha la Windows Explorer, kisha ubofye kwenye seva pangishi ya CentOS, au sivyo jaribu kufikia seva kwa kutumia anwani yake ya IP.

e.g. \2.168.43.168.

Utaulizwa kutoa jina lako la mtumiaji na nenosiri ili kuingia kwenye seva ya CentOS. Mara baada ya kuingiza kitambulisho, bofya OK.

17. Mara tu unapoingia kwa ufanisi, utaona saraka zote za samba zilizoshirikiwa. Sasa shiriki kwa usalama baadhi ya faili na watumiaji wengine wanaoruhusiwa kwenye mtandao kwa kuzidondosha kwenye saraka salama.

Unaweza pia kuangalia nakala hizi muhimu kuhusu kushiriki faili ya Samba kwenye mtandao.

  1. Jinsi ya Kuweka/Kushusha Mifumo ya Faili ya Ndani na Mtandao (Samba & NFS) katika Linux
  2. Kutumia ACL (Orodha za Udhibiti wa Ufikiaji) na Kuweka Hisa za Samba/NFS
  3. Jinsi ya Kurekebisha Athari za SambaCry (CVE-2017-7494) katika Mifumo ya Linux

Katika mwongozo huu, tulikuonyesha jinsi ya kusanidi Samba4 kwa kushiriki faili bila majina na salama kati ya CentOS na mifumo mingine ya Linux pamoja na mashine za Windows. Shiriki mawazo yoyote nasi kupitia sehemu ya maoni hapa chini.