1

I.1 Gestion du pare feu

1. Vérification

[root@localhost ~]# systemctl status firewalld

* firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service;
enabled; vendor p>
Active: active (running) since Wed 2019-09-24 23:16:35
JST; 18min ago
Docs: man:firewalld(1)
Main PID: 801 (firewalld)
Tasks: 2 (limit: 25025)
Memory: 30.9M
CGroup: /system.slice/firewalld.service
└─801 /usr/libexec/platform-python -s
/usr/sbin/firewalld --nofork ->

Sep 24 23:16:34 localhost.localdomain systemd[1]: Starting

firewalld - dynamic >
Sep 24 23:16:35 localhost.localdomain systemd[1]: Started
firewalld - dynamic f>

# [Active: active (running) ***] means firewalld is running

now

2. Arrêt et désactivation

# stop service

[root@localhost ~]# systemctl stop firewalld

# disable service

[root@localhost ~]# systemctl disable firewalld

Removed /etc/systemd/system/multi-
user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-
org.fedoraproject.FirewallD1.service.

I.2. Gestion de SELINUX

[root@localhost ~]# getenforce

Enforcing # SELinux is enabled

 2

[root@localhost ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of
enforcing.
# disabled - No SELinux policy is loaded.
# change the value below
# enforcing ⇒ enabled
# disabled ⇒ disabled
# permissive ⇒ enabled but only loging, not deny accesses
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only
selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

# restart computer to apply setting

[root@localhost ~]# reboot

I.2. Gestion de paramètres réseau

# if you did not set Host Name during installation, set it
like follows

[root@localhost ~]# hostnamectl set-hostname dlp.srv.world

# display devices

[root@localhost ~]# nmcli device

DEVICE TYPE STATE CONNECTION

ens2 ethernet connected ens2
lo loopback unmanaged --

# set IPv4 address

[root@localhost ~]# nmcli connection modify ens2

ipv4.addresses 10.0.0.30/24

# set gateway

[root@localhost ~]# nmcli connection modify ens2 ipv4.gateway

10.0.0.1
 3

# set DNS

[root@localhost ~]# nmcli connection modify ens2 ipv4.dns

10.0.0.1

# set manual for static setting (it's [auto] for DHCP)

[root@localhost ~]# nmcli connection modify ens2 ipv4.method

manual

# restart the interface to reload settings

[root@localhost ~]# nmcli connection down ens2; nmcli

connection up ens2

Connection 'ens2' successfully deactivated (D-Bus active

path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/2)

# show settings

[root@localhost ~]# nmcli device show ens2

GENERAL.DEVICE: ens2
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 52:54:00:D0:8F:0B
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens2
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveC>
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 10.0.0.30/24
IP4.GATEWAY: 10.0.0.1
IP4.ROUTE[1]: dst = 10.0.0.0/24, nh
= 0.0.0.0, mt = 1>
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh =
10.0.0.1, mt = 100
IP4.DNS[1]: 10.0.0.10
IP6.ADDRESS[1]:
fe80::5054:ff:fed0:8f0b/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh =
::, mt = 100
IP6.ROUTE[2]: dst = ff00::/8, nh =
::, mt = 256, tabl>

# show state
 4

[root@localhost ~]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state

UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
fq_codel state UP group default qlen 1000
link/ether 52:54:00:d0:8f:0b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.30/24 brd 10.0.0.255 scope global
noprefixroute ens2
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fed0:8f0b/64 scope link noprefixroute
valid_lft forever preferred_lft forever

I.3. Paramétrer le console de gestion web

[root@dlp ~]# systemctl enable --now cockpit.socket

[root@dlp ~]# ss -napt

State Recv-Q Send-Q Local Address:Port

Peer Address:Port
LISTEN 0 128 0.0.0.0:22
0.0.0.0:* users:(("sshd",pid=831,fd=6))
LISTEN 0 128 [::]:22
[::]:* users:(("sshd",pid=831,fd=8))
LISTEN 0 128 *:9090
*:* users:(("systemd",pid=1,fd=24))
# Cockpit listens 9090 port

# if Firewalld is running, confirm inbound settings

(generally cockpit is allowed by default)

[root@dlp ~]# firewall-cmd --list-service

cockpit dhcpv6-client ssh

# if [cockpit] is not allowed, set it to allow

[root@dlp ~]# firewall-cmd --add-service=cockpit --permanent

success
[root@dlp ~]# firewall-cmd --reload
 5

success
6
7
8
9
10
11
12
 13

I.4. Gestion avec Vim

[root@dlp ~]# dnf -y install vim-enhanced

[root@dlp ~]# vi ~/.bashrc

# add alias to the end

alias vi='vim'
# apply changes

[root@dlp ~]# source ~/.bashrc

 14

[root@dlp ~]# vi ~/.vimrc

" use extended function of vim (no compatible with vi)

set nocompatible
" specify encoding

set encoding=utf-8
" specify file encoding

set fileencodings=utf-8,iso-2022-jp,sjis,euc-jp
" specify file formats

set fileformats=unix,dos
" take backup

" if not, specify [ set nobackup ]

set backup
" specify backup directory

set backupdir=~/backup
" take 50 search histories

set history=50
" ignore Case

set ignorecase
" distinct Capital if you mix it in search words

set smartcase
" highlights matched words

" if not, specify [ set nohlsearch ]

set hlsearch
" use incremental search

" if not, specify [ set noincsearch ]

set incsearch
" show line number

" if not, specify [ set nonumber ]

set number
" Visualize break ( $ ) or tab ( ^I )

set list
" highlights parentheses
 15

set showmatch
" not insert LF at the end of file

set binary noeol

" set auto indent

" if not, specify [ noautoindent ]

set autoindent
" show color display

" if not, specify [ syntax off ]

syntax on
" change colors for comments if [ syntax on ] is set

highlight Comment ctermfg=LightCyan

" wrap lines

" if not, specify [ set nowrap ]

set wrap

I.5 DNS et DHCP

I.5.1. DNS avec DNSMASK

[root@dlp ~]# dnf -y install dnsmasq

[root@dlp ~]# vi /etc/dnsmasq.conf

# line 19: uncomment

# never forward addresses in the non-routed address spaces

domain-needed
# line 21: uncomment

# query with each server strictly in the order in resolv.conf

bogus-priv
# line 53: uncomment

# query with each server strictly in the order in [resolv.conf]

strict-order
# line 67: add if you need

# query the specific domain name to the specific DNS server

 16

# example below means query [server.education] domain to

[10.0.0.10] server

server=/server.education/10.0.0.10
# line 135: uncomment

# add domain name automatically to hostnames

expand-hosts
# line : add your own domain name

domain=srv.world

[root@dlp ~]# systemctl enable --now dnsmasq

[root@dlp ~]# vi /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4
localhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6
# add records
10.0.0.30 dlp.srv.world dlp
[root@dlp ~]# systemctl restart dnsmasq

[root@dlp ~]# firewall-cmd --add-service=dns --permanent

success
[root@dlp ~]# firewall-cmd --reload

success

[root@node01 ~]# dnf -y install bind-utils

# change DNS to Dnsmasq Server (replace [ens2] to your own
environment)

[root@node01 ~]# nmcli connection modify ens2 ipv4.dns 10.0.0.30

[root@node01 ~]# nmcli connection down ens2; nmcli connection up

ens2
[root@node01 ~]# dig dlp.srv.world.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 <<>>

dlp.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43384
 17

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,

ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dlp.srv.world. IN A

;; ANSWER SECTION:
dlp.srv.world. 0 IN A 10.0.0.30

;; Query time: 1 msec

;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Thu Oct 02 23:34:54 JST 2019
;; MSG SIZE rcvd: 58

[root@node01 ~]# dig -x 10.0.0.30

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 <<>> -x

10.0.0.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32941
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;30.0.0.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
30.0.0.10.in-addr.arpa. 0 IN PTR
dlp.srv.world.

;; Query time: 0 msec

;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Thu Oct 03 15:35:36 JST 2019
;; MSG SIZE rcvd: 78

I.5.2 DHCP avec DMASK

[root@dlp ~]# vi /etc/dnsmasq.conf
# line 158: add ranges of IP address to lease and term of lease

dhcp-range=10.0.0.200,10.0.0.250,12h
# line 332: add entries for Gateway, NTP, DNS, Subnetmask
 18

dhcp-option=option:router,10.0.0.1
dhcp-option=option:ntp-server,10.0.0.10
dhcp-option=option:dns-server,10.0.0.10
dhcp-option=option:netmask,255.255.255.0
[root@dlp ~]# systemctl restart dnsmasq

I.5.3. DNS BIND

[root@dlp ~]# dnf -y install bind bind-utils

[root@dlp ~]# vi /etc/named.conf

.....
.....
# add : set ACL entry for local network
acl internal-network {
10.0.0.0/24;
};

options {
# change ( listen all )
listen-on port 53 { any; };
# change if need ( if not listen IPv6, set [none] )
listen-on-v6 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file
"/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
# add local network set on [acl] section above
# network range you allow to recive queries from
hosts
allow-query { localhost; internal-network; };
# network range you allow to transfer zone files to
clients
# add secondary DNS servers if it exist
allow-transfer { localhost; };

.....
.....

recursion yes;

dnssec-enable yes;
dnssec-validation yes;

managed-keys-directory "/var/named/dynamic";
 19

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";

/*
https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# add zones for your network and domain name

zone "srv.world" IN {
type master;
file "srv.world.lan";
allow-update { none; };
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "0.0.10.db";
allow-update { none; };
};
# if you don't use IPv6 and also suppress logs for IPv6 related,
possible to change

# set BIND to use only IPv4

[root@dlp ~]# vi /etc/sysconfig/named

# add to the end

OPTIONS="-4"
# For how to write the section [*.*.*.*.in-addr.arpa], write
your network address reversely like follows
# case of 10.0.0.0/24
# network address ⇒ 10.0.0.0
# network range ⇒ 10.0.0.0 - 10.0.0.255
 20

# how to write ⇒ 0.0.10.in-addr.arpa

# case of 192.168.1.0/24
# network address ⇒ 192.168.1.0
# network range ⇒ 192.168.1.0 - 192.168.1.255
# how to write ⇒ 1.168.192.in-addr.arpa

[root@dlp ~]# vi /var/named/srv.world.lan

$TTL 86400
@ IN SOA dlp.srv.world. root.srv.world. (
# any numerical values are OK for serial number but
# recommendation is [YYYYMMDDnn] (update date +
number)
2019100301 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define Name Server
IN NS dlp.srv.world.
# define Name Server's IP address
IN A 10.0.0.30
# define Mail Exchanger Server
IN MX 10 dlp.srv.world.

# define each IP address of a hostname

dlp IN A 10.0.0.30
www IN A 10.0.0.31

[root@dlp ~]# vi /var/named/0.0.10.db

$TTL 86400
@ IN SOA dlp.srv.world. root.srv.world. (
2019100301 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
# define Name Server
IN NS dlp.srv.world.

# define each hostname of an IP address

30 IN PTR dlp.srv.world.
31 IN PTR www.srv.world.
 21

[root@dlp ~]# systemctl enable --now named

[root@dlp ~]# firewall-cmd --add-service=dns --permanent

success
[root@dlp ~]# firewall-cmd --reload

success

root@dlp ~]# nmcli connection modify ens2 ipv4.dns 10.0.0.30

[root@dlp ~]# nmcli connection down ens2; nmcli connection up

ens2

[root@dlp ~]# dig dlp.srv.world.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 <<>>

dlp.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4141
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 0e9ca06c44ffe5e20209ad655d954316681848d8675423ab
(good)
;; QUESTION SECTION:
;dlp.srv.world. IN A

;; ANSWER SECTION:
dlp.srv.world. 86400 IN A 10.0.0.30

;; AUTHORITY SECTION:
srv.world. 86400 IN NS
dlp.srv.world.

;; Query time: 0 msec

;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Thu Oct 02 19:38:46 JST 2019
;; MSG SIZE rcvd: 100

[root@dlp ~]# dig -x 10.0.0.30

 22

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 <<>> -x

10.0.0.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61063
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: cf5c64acd453263666c674db5d9543400d47bea92e41b7e1
(good)
;; QUESTION SECTION:
;30.0.0.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
30.0.0.10.in-addr.arpa. 86400 IN PTR
dlp.srv.world.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 86400 IN NS
dlp.srv.world.

;; ADDITIONAL SECTION:
dlp.srv.world. 86400 IN A 10.0.0.30

;; Query time: 0 msec

;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Thu Oct 02 19:39:28 JST 2019
;; MSG SIZE rcvd: 136

I.5.4. Serveur et Client DHCP

[root@dlp ~]# dnf -y install dhcp-server
[root@dlp ~]# vi /etc/dhcp/dhcpd.conf
# create new

# specify domain name

option domain-name "srv.world";

# specify DNS server's hostname or IP address

option domain-name-servers dlp.srv.world;

# default lease time

default-lease-time 600;
# max lease time

max-lease-time 7200;
 23

# this DHCP server to be declared valid

authoritative;
# specify network address and subnetmask

subnet 10.0.0.0 netmask 255.255.255.0 {

# specify the range of lease IP address
range dynamic-bootp 10.0.0.200 10.0.0.254;
# specify broadcast address
option broadcast-address 10.0.0.255;
# specify gateway
option routers 10.0.0.1;
}

[root@dlp ~]# systemctl enable --now dhcpd

[root@dlp ~]# firewall-cmd --add-service=dhcp --permanent

success
[root@dlp ~]# firewall-cmd --reload

success

[root@dlp ~]# ll /var/lib/dhcpd

total 40
-rw-r--r-- 1 dhcpd dhcpd 0 Apr 24 23:16 dhcpd6.leases
-rw-r--r-- 1 dhcpd dhcpd 19311 Aug 5 14:49 dhcpd.leases
-rw-r--r-- 1 dhcpd dhcpd 18144 Aug 5 14:19 dhcpd.leases~

[root@dlp ~]# cat /var/lib/dhcpd/dhcpd.leases

# The format of this file is documented in the

dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.3.6

# authoring-byte-order entry is generated, DO NOT DELETE

authoring-byte-order little-endian;

lease 10.0.0.218 {
starts 3 2020/08/05 05:47:54;
ends 3 2020/08/05 05:57:54;
cltt 3 2020/08/05 05:47:54;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:e1:f2:53;
 24

uid
"\377+\2244\301\000\002\000\000\253\021\011\215\353J2\\\322\2
72";
client-hostname "dlp";
}
.....
.....

I.5.5. Client DHCP

# install DHCP client if not installed (generally installed
by default)

[root@client ~]# dnf -y install dhcp-client

[root@client ~]# nmcli connection modify ens2 ipv4.method
auto

[root@client ~]# nmcli connection down ens2; nmcli connection

up ens2

I.6. Installation du serveur de fichier SAMBA

I.6.1. Accès Pleine

[root@smb ~]# dnf -y install samba
[root@smb ~]# mkdir /home/share

[root@smb ~]# chmod 777 /home/share

[root@smb ~]# vi /etc/samba/smb.conf

[global]
# line 7 : add (set charset)
unix charset = UTF-8
# change (Windows default)
workgroup = WORKGROUP
security = user
# add (IP addresses you allow to access)
hosts allow = 127. 10.0.0.
# add (no authentication)
map to guest = Bad User

.....
.....

# add to the end

# any Share name you like
[Share]
 25

# specify shared directory

path = /home/share
# allow writing
writable = yes
# allow guest user (nobody)
guest ok = yes
# looks all as guest user
guest only = yes
# set permission [777] when file created
force create mode = 777
# set permission [777] when folder created
force directory mode = 777

[root@smb ~]# systemctl enable --now smb

[root@smb ~]# setsebool -P samba_enable_home_dirs on

[root@smb ~]# restorecon -R /home/share

[root@smb ~]# firewall-cmd --add-service=samba --permanent

success
[root@smb ~]# firewall-cmd --reload

success

I.6.2. Accès limité

[root@smb ~]# dnf -y install samba
[root@smb ~]# groupadd smbgroup01

[root@smb ~]# mkdir /home/share01

[root@smb ~]# chgrp smbgroup01 /home/share01

[root@smb ~]# chmod 770 /home/share01

[root@smb ~]# vi /etc/samba/smb.conf

[global]
# line 7: add (set charset)
unix charset = UTF-8
# change (Windows default)
workgroup = WORKGROUP
security = user
# add (IP addresses you allow to access)
hosts allow = 127. 10.0.0.
 26

.....
.....

# add to the end

# any Share name you like
[Share01]
# specify shared directory
path = /home/share01
# allow writing
writable = yes
# not allow guest user (nobody)
guest ok = no
# allow only [smbgroup01] group
valid users = @smbgroup01
# set permission [777] when file created
force create mode = 777
# set permission [777] when folder created
force directory mode = 777
# inherit permissions from parent folder
inherit permissions = yes

[root@smb ~]# systemctl enable --now smb

# add Samba user

[root@smb ~]# useradd cent

[root@smb ~]# smbpasswd -a cent

New SMB password:

# set password

Retype new SMB password:

Added user cent.
[root@smb ~]# usermod -aG smbgroup01 cent

[root@smb ~]# setsebool -P samba_enable_home_dirs on

[root@smb ~]# restorecon -R /home/share01

[root@smb ~]# firewall-cmd --add-service=samba --permanent

success
[root@smb ~]# firewall-cmd --reload

success
 27

I.6.3. Client linux

[root@node01 ~]# dnf -y install samba-client cifs-utils

# with [smbclient] command access

# smbclient (share name) -U (user name)

[root@node01 ~]# smbclient '\\smb.srv.world\Share01' -U cent

Enter SAMBA\cent's password:

Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Fri Nov 1
19:55:09 2019
.. D 0 Fri Nov 1
19:45:00 2019
New Folder D 0 Fri Nov 1
19:55:05 2019
New text document.txt A 0 Fri Nov 1
19:55:09 2019

27245572 blocks of size 1024. 25679240 blocks

available

# download a file
smb: \> mget "New text document.txt"
Get file New text document.txt? y
getting file \New text document.txt of size 0 as New text
document.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
smb: \> !ls
anaconda-ks.cfg mariadb_backup.tar.gz
mariadb_backup 'New text document.txt'
smb: \> exit

# with [mount] command access

# [vers=(SMB protocol version)]

[root@node01 ~]# mount -t cifs -o vers=3.0,username=cent

'\\smb.srv.world\Share01' /mnt

Password for cent@\smb.srv.world\Share: ******** #

password
[ 293.807990] CIFS VFS: error -95 on ioctl to get interface
list
# the error above does not affect to accesses (with
[vers=2.x], it's not shown)
 28

[root@node01 ~]# df -hT

Filesystem Type Size Used Avail Use% Mounted

on
devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs tmpfs 1.9G 0 1.9G 0%
/dev/shm
tmpfs tmpfs 1.9G 8.5M 1.9G 1% /run
tmpfs tmpfs 1.9G 0 1.9G 0%
/sys/fs/cgroup
/dev/mapper/cl-root xfs 26G 1.5G 25G 6% /
/dev/vda1 ext4 976M 126M 783M 14% /boot
tmpfs tmpfs 379M 0 379M 0%
/run/user/0
\\smb.srv.world\Share cifs 26G 1.6G 25G 6% /mnt

# if share does not require authentication, specify [none]

for username

[root@node01 ~]# mount -t cifs -o

vers=3,username=none,password=none '\\smb.srv.world\Share'
/mnt

Client Windows
29
30
31
32