Scribd
Upload
40 views5 pages

TH C Hành Bu I 5:install NFS & SAMBA

This document provides instructions for installing NFS and Samba on CentOS servers and clients. It includes steps to: 1) Install NFS server and configure the exports, firewall, SELinux, and start services. 2) Install NFS client and configure mounting of shared directories. 3) Install Samba server, configure security, create a shared folder, start services, and add a Samba user. 4) Access the Samba share from a Windows client by mapping a network drive.

Uploaded by

Minh Tuấn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
40 views5 pages

TH C Hành Bu I 5:install NFS & SAMBA

This document provides instructions for installing NFS and Samba on CentOS servers and clients. It includes steps to: 1) Install NFS server and configure the exports, firewall, SELinux, and start services. 2) Install NFS client and configure mounting of shared directories. 3) Install Samba server, configure security, create a shared folder, start services, and add a Samba user. 4) Access the Samba share from a Windows client by mapping a network drive.

Uploaded by

Minh Tuấn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Thc Hnh Bui 5:Install NFS & SAMBA

NFS
Install NFS server:
[root@dlp ~]# yum -y install nfs-utils
[root@dlp ~]# vi /etc/idmapd.conf
# line 5: uncomment and change to your domain name
Domain = vanhoa.org
[root@dlp ~]# vi /etc/exports
# write like below
/home 192.168.11.0/24(rw,sync,no_root_squash,no_all_squash)
#/home shared directory
#192.168.11.0/24 range of networks NFS permits accesses
#rw writable
#sync synchronize
#no_root_squash enable root privilege
#no_all_squash enable users' authority
[root@dlp ~]# systemctl start rpcbind.service
[root@dlp ~]# systemctl start nfs-server.service
[root@dlp ~]# systemctl start nfs-lock.service
[root@dlp ~]# systemctl start nfs-idmap.service
Configure Iptables Firewall for NFS

First edit the /etc/sysconfig/nfs file and uncomment these directives. You can
customize the ports if you wish but I will stick with the defaults:
# vi /etc/sysconfig/nfs
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
We now need to modify the iptables firewall configuration to allow access to the NFS
ports. I will use the iptables command and insert the appropriate rules:
# iptables -I INPUT -m multiport -p tcp --dport 111,662,875,892,2049,32803 -j ACCEPT
# iptables -I INPUT -m multiport -p udp --dport 111,662,875,892,2049,32769 -j
ACCEPT

Now save the iptables configuration to the config file so it will apply when the system is
restarted:
# service iptables save
Configure SELinux for NFS Export
Rather than disable SELinux it is a good idea to configure it to allow remote clients to
access files that are exported via NFS share. This is fairly simple and involves setting the
SELinux boolean value using the setsebool utility. In this example well use the
read/write boolean but we can also use nfs_export_all_ro to allow NFS exports readonly and use_nfs_home_dirs to allow home directories to be exported.
# setsebool -P nfs_export_all_rw 1

Now we will start the NFS services:


#
#

service
service

rpcbind
nfs

start
start

# service nfslock start


Install NFS Client:
[root@www ~]# yum -y install nfs-utils
[root@www ~]# vi /etc/idmapd.conf
# line 5: uncomment and change to your domain name
Domain = vanhoa.org
[root@www ~]# systemctl start rpcbind.service
[root@www ~]# systemctl start nfs-lock.service
[root@www ~]# systemctl start nfs-idmap.service
[root@www ~]# systemctl start nfs-mountd.service
[root@www ~]# vi /etc/hosts
# add at the last line
192.168.11.12 server.nis.com
[root@www ~]# mount -t nfs server.nis.com:/home /home
[root@www ~]# df -h
[root@www ~]# vi /etc/fstab
# add at the last line: change home directory this server mounts to the one on NFS
# Auto mount at boot
server.nis.com:/home /home nfs defaults 0 0

SAMBA
Install Server:
[root@localhost ~]# systemctl stop firewalld.service
[ 708.149082] Ebtables v2.0 unregistered
[root@localhost ~]# systemctl disable firewalld.service
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# change

# SELINUXTYPE= type of policy in use. Possible values are:


# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
[root@lan ~]# groupadd security
[root@lan ~]# mkdir /home/security
[root@lan ~]# chgrp security /home/security
[root@lan ~]# chmod 770 /home/security
[root@lan ~]# vi /etc/samba/smb.conf
# line 98: uncomment

max protocol = SMB2


# line 126: add
security = user
passdb backend = tdbsam
map to guest = Never
# add at the last line
[Security]

# any name you like

path = /home/security
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no

# guest not allowed

valid users = @security

# allow only "security" group

[root@lan ~]# systemctl restart smb.service


[root@lan ~]# smbpasswd -a test

# add smb user

New SMB password:

# set password

Retype new SMB password:

# confirm

[1]

Added user test.


[root@lan ~]# usermod -G security test

Install Client:

Configure on Windows client. This example is on Windows 7. Select [My Computer] - [Map
Network Drive] like following example.

Specify shared folder's place in Folder section like example and Click 'Finish' button to enter.

Password is required. Input the one set in [1].

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy