Image

Image

Search This Blog

Thursday, November 02, 2023

MULTIPLE SAMBA INSTANCES

 

In order to allow clients with different encryption levels access to the same network share, multiple instances of SAMBA must be configured on the same machine. We are benefiting from a feature of SAMBA called “bind_interface” that allow a certain instance to only run on a specific network interface. If only one interface is available, “Virtual interfaces” might be defined.


Optional step – Define virtual interfaces:

cd /etc/sysconfig/network-scripts

vi ifcfg-eth0:1

DEVICE=eth0:1

BOOTPROTO=static

IPADDR=192.168.127.1

NETMASK=255.255.0.0

NETWORK=192.168.0.0

BROADCAST=192.168.100.255

ONBOOT=yes

TYPE=Ethernet


vi ifcfg-eth0:2

DEVICE=eth0:2

BOOTPROTO=static

IPADDR=192.168.127.2

NETMASK=255.255.0.0

NETWORK=192.168.0.0

BROADCAST=192.168.100.255

ONBOOT=yes

TYPE=Ethernet


vi /etc/hosts

192.168.127.1 SMB1.domain.tld SMB1

192.168.127.2 SMB2.domain.tld SMB2



Step 1 – Prepare directories for instances:

mkdir -p /var/run/samba/SMB1 /var/run/samba/SMB2

mkdir -p /var/cache/samba/SMB1 /var/cache/samba/SMB2

mkdir -p /var/log/samba/SMB1 /var/log/samba/SMB2



Step 2 – Modify logrotate to care for the new log directories:

vi /etc/logrotate.d/samba

/var/log/samba/SMB*/log.* {

[…]

/bin/kill -HUP \`cat /var/run/samba/SMB1/smbd.pid /var/run/samba/SMB1/nmbd.pid /var/run/samba/SMB1/winbindd.pid 2> /dev/null\` 2> /dev/null || true

/bin/kill -HUP \`cat /var/run/samba/SMB2/smbd.pid /var/run/samba/SMB2/nmbd.pid /var/run/samba/SMB2/winbindd.pid 2> /dev/null\` 2> /dev/null || true

}


Step 3 – Create two configuration files:


vi /etc/samba/samba.conf.SMB1

[global]

workgroup = WORKGROUP

client min protocol = NT1

server min protocol = NT1

client ipc min protocol = NT1

client ipc signing = desired

client plaintext auth = yes

ntlm auth = ntlmv1-permitted

null passwords = yes

netbios name = SMB1

pid directory = /var/run/samba/SMB1

lock directory = /var/cache/samba/SMB1

private dir = /var/cache/samba/SMB1

server role = standalone

security = user

passdb backend = tdbsam

guest account = nobody

map to guest = Bad User

bind interfaces only = yes

interfaces = lo;eth0:1

log file = /var/log/samba/SMB1/log.%m

logging = file

log level = 2

load printers = no

printing = bsd

printcap name = /dev/null

disable spoolss = yes

[test]

Comment = Test Share

path = /tmp/test

browsable = yes

read only = no

guest ok = yes


vi /etc/samba/samba.conf.SMB2

[global]

workgroup = WORKGROUP

null passwords = yes

netbios name = SMB2

pid directory = /var/run/samba/SMB2

lock directory = /var/cache/samba/SMB2

private dir = /var/cache/samba/SMB2

server role = standalone

security = user

passdb backend = tdbsam

bind interfaces only = yes

interfaces = eth0:2

log file = /var/log/samba/SMB2/log.%m

logging = file

log level = 2

load printers = no

printing = bsd

printcap name = /dev/null

disable spoolss = yes

[test]

Comment = Test Share

path = /tmp/test

browsable = yes

read only = no

guest ok = yes


Step 4 – Edit/create sysconfig configuration files:


vi /etc/sysconfig/samba.SMB1

SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"

NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"


vi /etc/sysconfig/samba.SMB2

SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"

NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"


Step 4 – Edit/create systemctl startup files:


vi /usr/lib/systemd/system/smb1.service

[Unit]

Description=Samba SMB1 Daemon

Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)

Wants=network-online.target

After=network.target network-online.target nmb1.service winbind.service

[Service]

Type=notify

PIDFile=/var/run/SMB1/smbd.pid

LimitNOFILE=16384

EnvironmentFile=-/etc/sysconfig/samba.SMB1

ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS

ExecReload=/bin/kill -HUP $MAINPID

LimitCORE=infinity

Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba

[Install]

WantedBy=multi-user.target


vi /usr/lib/systemd/system/smb2.service

[Unit]

Description=Samba SMB2 Daemon

Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)

Wants=network-online.target

After=network.target network-online.target nmb2.service winbind.service

[Service]

Type=notify

PIDFile=/var/run/SMB2/smbd.pid

LimitNOFILE=16384

EnvironmentFile=-/etc/sysconfig/samba.SMB2

ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS

ExecReload=/bin/kill -HUP $MAINPID

LimitCORE=infinity

Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba

[Install]

WantedBy=multi-user.target


vi /usr/lib/systemd/system/nmb1.service

[Unit]

Description=Samba NMB1 Daemon

Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)

Wants=network-online.target

After=network.target network-online.target

[Service]

Type=notify

PIDFile=/var/run/SMB1/nmbd.pid

EnvironmentFile=-/etc/sysconfig/samba.SMB1

ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS

ExecReload=/bin/kill -HUP $MAINPID

LimitCORE=infinity

Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba

[Install]

WantedBy=multi-user.target


vi /usr/lib/systemd/system/nmb2.service

[Unit]

Description=Samba NMB2 Daemon

Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)

Wants=network-online.target

After=network.target network-online.target

[Service]

Type=notify

PIDFile=/var/run/SMB2/nmbd.pid

EnvironmentFile=-/etc/sysconfig/samba.SMB2

ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS

ExecReload=/bin/kill -HUP $MAINPID

LimitCORE=infinity

Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba

[Install]

WantedBy=multi-user.target


Step 5 – Create local users:


useradd -d /tmp/test test

smbpasswd -c /etc/samba/smb.conf.SMB1 -a test

smbpasswd -c /etc/samba/smb.conf.SMB2 -a test



Step 6 – Enable & Start the new services:


systemctl daemon-reload

systemctl enable nmb2

systemctl enable smb2

systemctl enable smb1

systemctl enable nmb1

systemctl start nmb1

systemctl start nmb2

systemctl start smb1

systemctl start smb2



Step 6 – Test the share:


Ideally from a different Linux machine,

mkdir /tmp/1

mount-t cifs //SMB1.domain.tld/test /tmp/1 -o username=test,password=p455w0rd,vers=1.0

umount /tmp/1

mount-t cifs //SMB2.domain.tld/test /tmp/1 -o username=test,password=p455w0rd,vers=2.0



No comments:

Post a Comment

Blog Archive