Samba Flashcards
What should permissions be on the server and via smb.conf?
Via server they should be to obtain whatever security you want to and the smb.conf file will just add to that security.
If you 770 a share, guests won’t be able to write to that share no matter what options you specify in smb.conf
What do the below mean:
map to guest = bad user
security = user
map to guest = bad user
This means that if you don’t put in good user credentials that exist, it just considers you a guest. Guest’s get the o option in ugoa.
security = user
authentication, user-levle security. You need good creds. Creds are validated against /etc/samba/smbpasswd.
Should you use both the writable and read only options for your share?
No, choose one or the other or you could cause issues with the share.
Create samba server, the global section should include that the security/authentciation will be based on usernames and passwords, the interface of the server, permissions for file and directory creation, and finally the subnets and the ips of the allowed nodes.
The share itself should be writable and only able to be seen by the user frank who can rwx on it.
yum install samba samba-common samab-client
useradd frank
firewall-cmd –permanent –add-service=samba
firewall-cmd –reload
mkdir /smb
chown frank /samba
chmod 770 /samba
chcon -t samba_shrare_t /samba
vi /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = Nathan’s Samba
netbios name = stationa
security = user
interfaces = ens160
create mask = 0770
directory mask = 0770
hosts allow = 192.168.1.0/24 127.0.0.1
[mine]
comment = Global Share
path = /smb
readonly = no
guest ok = No
browsable = No
create mask = 0770
directory mask = 0770
valid users = frank
or hosts allow = ALL
systemctl start {s,n}mb
CLIENT
yum install samba-client cifs-utils -y
mkdir /smb
mount -t cifs -o username=frank //stationa/mine /smb
Remove frank from the animals group
gpasswd -d frank animals
How would the homes section be configured? What does it do and what are its directives?
Automounts users home directory.
setsebool -P samba_enable_home_dirs on
[homes]
comment = Home Directory
read only = no
browsable = no
valid users = %S
what does “map to guest = bad user” mean in the global section?
If the user isn’t found then it is routed to be logged in as just a guess.
add multiple users to the “valid users” directive.
valid users = peter, paul, mary
How would you set the share to have everyone that posts post under the ftp user and group
force group = ftp
force user = ftp
mount your samba share via fstab
LEAVE OUT noauto OR YOUR SHARE WILL HAVE TO BE MANUALY MOUNTED
vi /etc/samba/creds
username=
password=
/etc/fstab/
//192.168.10.179/shared /tmp /nfs smbfs noauto,user,username=alic,password=secret 0 0
or
//192.168.10.179/shared /tmp /nfs smbfs credentials=/etc/samba/credentials 0 0
Add or remove a user from you share server
smbpasswd -a gregg
smbpasswd -x gregg
If you only want users of the “financial” group to access your share, what directive should you use?
valid users = @financial
Configure autofs to mount your samba server
/etc/auto.master
/samba /etc/samba.auto –timeout=60
vi /etc/samba.auto
data -fstype=cifs,rw,credentials=/etc/samba/creds ://Servera/share
You should always add : before your share/nfs server info.
Access samba using samba-client
Show what shares a user has access to pertaining to the Samba server.
smbclient -U user -L 192.168.1.122
smbclient -U user //192.168.1.122/myshare
