Yadda ake Sanya Samba akan Ubuntu don Rarraba Fayil akan Windows

Samba tushe ne na kyauta/buɗewa kuma sanannen software ne da ake amfani dashi don raba fayiloli da ayyukan bugu tsakanin tsarin Unix-kamar Linux gami da rundunonin Windows akan hanyar sadarwa ɗaya.

A cikin wannan jagorar, za mu nuna yadda ake saita Samba4 don ainihin raba fayil tsakanin tsarin Ubuntu da injunan Windows. Za mu rufe abubuwa biyu masu yuwuwa: m (marasa tsaro) da amintaccen raba fayil.

Lura cewa farawa daga sigar 4.0, ana iya amfani da Samba azaman mai sarrafa yanki na Active Directory (AD) (DC). Mun shirya jeri na musamman don kafa Samba4 Active Directory Domain Controller, wanda ya ƙunshi mahimman batutuwa a ƙarƙashin Ubuntu, CentOS, da Windows.

  1. Kafa Samba4 Active Directory Domain Controller

Shigar da Sanya Samba a cikin Ubuntu

Ana samun sabar Samba don shigarwa daga tsoffin wuraren ajiyar Ubuntu ta amfani da kayan aikin sarrafa fakitin da ya dace kamar yadda aka nuna.

$ sudo apt install samba samba-common python-dnspython

Da zarar an shigar da sabar samba, yanzu lokaci ya yi don saita sabar samba azaman: amintaccen amintaccen amintaccen raba fayil.

Don wannan, muna buƙatar gyara babban fayil ɗin daidaitawar Samba /etc/samba/smb.conf (wanda ke bayyana umarnin daidaitawa daban-daban).

Da farko ajiye ainihin fayil ɗin sanyi na samba kamar haka.

$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

Bayan haka, za mu ci gaba da saita samba don ayyukan raba fayil ɗin da ba a san su ba kamar yadda aka bayyana a ƙasa.

Muhimmi: Kafin motsi gaba, tabbatar da cewa injin Windows yana cikin rukunin aiki iri ɗaya wanda za'a saita akan sabar Ubuntu.

Shiga cikin injin Windows ɗinku, danna dama akan \Wannan PC ko Kwamfuta ta → Properties → Advanced System Settings → Name Computer don tabbatar da rukunin aiki.

A madadin, buɗe umarni da sauri kuma duba shi ta hanyar gudanar da umarnin da ke ƙasa kuma nemi \yankin wurin aiki.

>net config workstation

Da zarar kun san rukunin aikin ku na Windows lokacinsa don ci gaba da saita sabar samba don raba fayil.

Rarraba Fayil na Samba mara suna

Da farko farawa ta ƙirƙirar kundin adireshin samba mai raba inda za a adana fayilolin.

$ sudo mkdir -p /srv/samba/anonymous_shares

Sannan saita izini masu dacewa akan kundin adireshi.

$ sudo chmod -R 0775 /srv/samba/anonymous_shares
$ sudo chown -R nobody:nogroup /srv/samba/anonymous_shares

Yanzu buɗe fayil ɗin sanyi.

$ sudo vi /etc/samba/smb.conf
OR
$ sudo nano /etc/samba/smb.conf

Na gaba gyara ko gyara saitunan umarni kamar yadda aka bayyana a ƙasa.

global]
	workgroup = WORKGROUP
	netbios name = ubuntu
	security = user
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous_shares
	browsable =yes
	writable = yes
	guest ok = yes
	read only = no
	force user = nobody

Yanzu tabbatar da saitunan samba na yanzu ta hanyar aiwatar da umarnin da ke ƙasa.

$ testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Shares]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = UBUNTU
	server string = %h server (Samba, Ubuntu)
	server role = standalone server
	map to guest = Bad User
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	idmap config * : backend = tdb

[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = Yes
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers
	browseable = No
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous_shares
	force user = nobody
	read only = No
	guest ok = Yes

Sannan sake kunna sabis na Samba don aiwatar da canje-canjen da ke sama.

$ sudo systemctl restart smbd   [Systemd]
$ sudo service smbd restart     [Sys V]

Jeka na'urar Windows, sannan ka bude Network daga taga Windows Explorer, danna kan uwar garken Ubuntu (TECMINT don shari'ar mu), ko kuma gwada shiga sabar sabar ta amfani da adireshin IP.

\2.168.43.168

Lura: Yi amfani da umarnin ifconfig don samun adireshin IP na uwar garken Ubuntu.

Sa'an nan kuma buɗe kundin adireshin da ba a sani ba kuma gwada ƙara fayiloli a ciki don rabawa tare da sauran masu amfani.

Amintaccen Rarraba Fayil na Samba

Don kalmar sirri-kare rabon samba, kuna buƙatar ƙirƙirar rukuni smbgrp kuma saita kalmar sirri don kowane mai amfani. A cikin wannan misali na yi amfani da aronkilik a matsayin mai amfani da kalmar sirri a matsayin tecmint.

$ sudo addgroup smbgrp
$ sudo usermod aaronkilik -aG smbgrp
$ sudo smbpasswd -a aaronkilik

Lura: Yanayin tsaro na samba: tsaro = mai amfani yana buƙatar abokan ciniki su shigar da sunan mai amfani da kalmar wucewa don haɗawa zuwa hannun jari.

Asusun mai amfani na Samba ya bambanta da asusun tsarin, duk da haka, kuna iya shigar da kunshin libpam-winbind na zaɓi wanda ake amfani da shi don daidaita masu amfani da tsarin da kalmomin shiga tare da bayanan mai amfani da samba.

$ sudo apt install libpam-winbind

Sannan ƙirƙiri amintaccen kundin adireshi inda za a adana fayilolin da aka raba.

$ sudo mkdir -p /srv/samba/secure_shares

Na gaba, saita izini masu dacewa akan kundin adireshi.

$ sudo chmod -R 0770 /srv/samba/secure_shares
$ sudo chown -R root:smbgrp /srv/samba/secure_shares

Yanzu buɗe fayil ɗin sanyi.

$ sudo vi /etc/samba/smb.conf
OR
$ sudo nano /etc/samba/smb.conf

Na gaba gyara ko gyara saitunan umarni kamar yadda aka bayyana a ƙasa.

[Secure]
	comment = Secure File Server Share
	path =  /srv/samba/secure_shares
	valid users = @smbgrp
	guest ok = no
	writable = yes
	browsable = yes

Kamar a da, gudanar da wannan umarni don ganin saitunan samba na yanzu.

$ testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Shares]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = UBUNTU
	server string = %h server (Samba, Ubuntu)
	server role = standalone server
	map to guest = Bad User
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	idmap config * : backend = tdb
[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = Yes
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers
	browseable = No
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous_shares
	force user = nobody
	read only = No
	guest ok = Yes
[Secure]
	comment = Secure File Server Share
	path = /srv/samba/secure_shares
	valid users = @smbgrp
	read only = No

Da zarar kun gama da saitunan da ke sama, sake kunna sabis na Samba don amfani da canje-canje.

$ sudo systemctl restart smbd   [Systemd]
$ sudo service smbd restart     [Sys V]

Kamar yadda yake a baya, a cikin injin Windows, sannan ka buɗe \Network daga taga Windows Explorer. Danna kan mahaɗin Ubuntu (TECMIN don shari'ar mu) Kuna iya samun kuskuren da ke ƙasa, idan ba a ci gaba zuwa mataki na gaba ba.

Yi ƙoƙarin shiga uwar garken ta amfani da adireshin IP ɗin sa, misali. \192.168.43.168 kamar wannan. Sannan shigar da takardun shaidar (username da kalmar sirri) don mai amfani aaronkilik kuma danna OK.

Yanzu zaku duba duk kundayen adireshi, danna kan Amintacce don buɗe shi.

Kuna iya raba wasu fayiloli amintattu tare da wasu masu amfani da aka halatta akan hanyar sadarwa ta hanyar jefa su cikin wannan kundin adireshi.

Kunna Samba a UFW Firewall a cikin Ubuntu

Idan kuna kunna wuta ta UFW akan tsarin ku, dole ne ku ƙara dokoki don ba da damar Samba ya wuce ta Tacewar zaɓinku.

Don gwada wannan, mun yi amfani da tsarin hanyar sadarwa na 192.168.43.0. Gudun umarni da ke ƙasa suna tantance adireshin cibiyar sadarwar ku.

$ sudo ufw allow proto udp to any port 137 from 192.168.43.0/24
$ sudo ufw allow proto udp to any port 138 from 192.168.43.0/24
$ sudo ufw allow proto tcp to any port 139 from 192.168.43.0/24
$ sudo ufw allow proto tcp to any port 445 from 192.168.43.0/24

Hakanan zaka iya bincika waɗannan labarai masu amfani game da raba fayil ɗin Samba akan hanyar sadarwa.

  1. Kafa Samba4 Active Directory Domain Controller- Part 1 to 14
  2. Yadda ake Dutsen/Cewa Tsarin Fayil na Gida da hanyar sadarwa (Samba & NFS) a cikin Linux
  3. Amfani da ACLs (Jess ɗin Sarrafa Shiga) da Haɗin Samba/NFS
  4. Yadda za a gyara Rashin lafiyar SambaCry (CVE-2017-7494) a cikin Linux Systems

Shi ke nan! A cikin wannan jagorar, mun nuna muku yadda ake saita Samba4 don amintaccen raba fayil tsakanin injin Ubuntu da Windows. Yi amfani da fom ɗin amsa da ke ƙasa don raba kowane tunani tare da mu.