In order to allow clients with different encryption levels to access the same network share, multiple instances of SAMBA must be configured on the same machine. We make use of a SAMBA feature, “bind interfaces only”, that allows a given instance to run only on a specific network interface. If only one interface is available, “virtual interfaces” can be defined.
Optional step – Define virtual interfaces:
cd /etc/sysconfig/network-scripts
vi ifcfg-eth0:1
# Alias (virtual) interface eth0:1 with a static address; the SMB1 instance binds to it.
DEVICE=eth0:1
BOOTPROTO=static
IPADDR=192.168.127.1
NETMASK=255.255.0.0
NETWORK=192.168.0.0
# NOTE(review): BROADCAST does not match NETWORK/NETMASK above
# (192.168.0.0 with 255.255.0.0 gives 192.168.255.255) - confirm which value is intended.
BROADCAST=192.168.100.255
ONBOOT=yes
TYPE=Ethernet
vi ifcfg-eth0:2
# Alias (virtual) interface eth0:2 with a static address; the SMB2 instance binds to it.
DEVICE=eth0:2
BOOTPROTO=static
IPADDR=192.168.127.2
NETMASK=255.255.0.0
NETWORK=192.168.0.0
# NOTE(review): BROADCAST does not match NETWORK/NETMASK above
# (192.168.0.0 with 255.255.0.0 gives 192.168.255.255) - confirm which value is intended.
BROADCAST=192.168.100.255
ONBOOT=yes
TYPE=Ethernet
vi /etc/hosts
192.168.127.1 SMB1.domain.tld SMB1
192.168.127.2 SMB2.domain.tld SMB2
Step 1 – Prepare directories for instances:
# One directory per instance for each of: PID files ("pid directory"),
# lock/private data ("lock directory" and "private dir"), and logs ("log file").
# The paths must match the values used in each instance's smb.conf below.
mkdir -p /var/run/samba/SMB1 /var/run/samba/SMB2
mkdir -p /var/cache/samba/SMB1 /var/cache/samba/SMB2
mkdir -p /var/log/samba/SMB1 /var/log/samba/SMB2
Step 2 – Modify logrotate to care for the new log directories:
vi /etc/logrotate.d/samba
/var/log/samba/SMB*/log.* {
[…]
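# Send HUP to each instance's daemons after rotation. $(...) reads the PIDs from
# that instance's pid directory; a missing PID file is ignored (|| true) so that
# rotation does not fail when a daemon is not running.
/bin/kill -HUP $(cat /var/run/samba/SMB1/smbd.pid /var/run/samba/SMB1/nmbd.pid /var/run/samba/SMB1/winbindd.pid 2> /dev/null) 2> /dev/null || true
/bin/kill -HUP $(cat /var/run/samba/SMB2/smbd.pid /var/run/samba/SMB2/nmbd.pid /var/run/samba/SMB2/winbindd.pid 2> /dev/null) 2> /dev/null || true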
}
Step 3 – Create two configuration files:
vi /etc/samba/smb.conf.SMB1
# Legacy-protocol instance: answers as NetBIOS name SMB1 and serves only the
# interfaces listed under "interfaces" below.
[global]
workgroup = WORKGROUP
# The "client ..." parameters are read by Samba client tools that use this file;
# they do not change what smbd accepts from remote clients.
client min protocol = NT1
# Lowest dialect smbd will negotiate: NT1, so SMB1 clients are accepted here.
server min protocol = NT1
client ipc min protocol = NT1
client ipc signing = desired
client plaintext auth = yes
# NTLMv1 responses are accepted by this instance; keep that confined to the
# interface reserved for legacy clients.
ntlm auth = ntlmv1-permitted
# Accounts with an empty password are allowed to log in.
null passwords = yes
netbios name = SMB1
# Per-instance runtime directories, so the two instances do not share PID files,
# lock files or the password database.
pid directory = /var/run/samba/SMB1
lock directory = /var/cache/samba/SMB1
private dir = /var/cache/samba/SMB1
server role = standalone
security = user
passdb backend = tdbsam
guest account = nobody
# Logins with an unknown user name are mapped to the guest account above.
map to guest = Bad User
# With "bind interfaces only", requests are served only on the listed interfaces.
bind interfaces only = yes
interfaces = lo;eth0:1
log file = /var/log/samba/SMB1/log.%m
logging = file
log level = 2
# Printing support is switched off for this instance.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Test share: writable (read only = no) and open to guests (guest ok = yes).
# Together with "map to guest = Bad User", no valid account is needed to write
# to this path on this instance.
[test]
Comment = Test Share
path = /tmp/test
browsable = yes
read only = no
guest ok = yes
vi /etc/samba/smb.conf.SMB2
# Second instance: answers as NetBIOS name SMB2 and serves only eth0:2.
# NOTE(review): no "server min protocol" is set in this file, so the lowest
# accepted dialect is whatever the installed Samba version defaults to. Set it
# explicitly (for example SMB2) if this instance must refuse SMB1 - confirm
# against the installed version.
[global]
workgroup = WORKGROUP
# Accounts with an empty password are allowed to log in.
null passwords = yes
netbios name = SMB2
# Per-instance runtime directories, so the two instances do not share PID files,
# lock files or the password database.
pid directory = /var/run/samba/SMB2
lock directory = /var/cache/samba/SMB2
private dir = /var/cache/samba/SMB2
server role = standalone
security = user
passdb backend = tdbsam
# With "bind interfaces only", requests are served only on the listed interface.
bind interfaces only = yes
interfaces = eth0:2
log file = /var/log/samba/SMB2/log.%m
logging = file
log level = 2
# Printing support is switched off for this instance.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Test share: writable (read only = no) with guest ok = yes.
# NOTE(review): "map to guest" is not set in this file, so whether guest access
# actually works here depends on its default - confirm.
[test]
Comment = Test Share
path = /tmp/test
browsable = yes
read only = no
guest ok = yes
Step 4 – Edit/create sysconfig configuration files:
vi /etc/sysconfig/samba.SMB1
# Options handed to smbd/nmbd by the SMB1 unit files (via $SMBDOPTIONS / $NMBDOPTIONS).
# -s selects this instance's configuration file and must name the file created in
# Step 3; -l points logging at this instance's log directory.
SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"
NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB1 -l /var/log/samba/SMB1"
vi /etc/sysconfig/samba.SMB2
# Options handed to smbd/nmbd by the SMB2 unit files (via $SMBDOPTIONS / $NMBDOPTIONS).
# -s selects this instance's configuration file and must name the file created in
# Step 3; -l points logging at this instance's log directory.
SMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"
NMBDOPTIONS="-D -s /etc/samba/smb.conf.SMB2 -l /var/log/samba/SMB2"
Step 4 – Edit/create systemd unit files:
vi /usr/lib/systemd/system/smb1.service
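# smbd for the SMB1 instance. The instance-specific options (-s/-l) are read
# from /etc/sysconfig/samba.SMB1 as $SMBDOPTIONS.
[Unit]
Description=Samba SMB1 Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
# Ordered after this instance's nmbd (nmb1.service).
After=network.target network-online.target nmb1.service winbind.service
[Service]
Type=notify
# Must match "pid directory" in this instance's smb.conf (/var/run/samba/SMB1).
PIDFile=/var/run/samba/SMB1/smbd.pid
LimitNOFILE=16384
# The leading "-" makes this file optional: if it is missing, $SMBDOPTIONS is
# empty and smbd starts without -s, i.e. with its default configuration file
# instead of this instance's interface-bound one.
EnvironmentFile=-/etc/sysconfig/samba.SMB1
ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba
[Install]
WantedBy=multi-user.target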
vi /usr/lib/systemd/system/smb2.service
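# smbd for the SMB2 instance. The instance-specific options (-s/-l) are read
# from /etc/sysconfig/samba.SMB2 as $SMBDOPTIONS.
[Unit]
Description=Samba SMB2 Daemon
Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
# Ordered after this instance's nmbd (nmb2.service).
After=network.target network-online.target nmb2.service winbind.service
[Service]
Type=notify
# Must match "pid directory" in this instance's smb.conf (/var/run/samba/SMB2).
PIDFile=/var/run/samba/SMB2/smbd.pid
LimitNOFILE=16384
# The leading "-" makes this file optional: if it is missing, $SMBDOPTIONS is
# empty and smbd starts without -s, i.e. with its default configuration file
# instead of this instance's interface-bound one.
EnvironmentFile=-/etc/sysconfig/samba.SMB2
ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba
[Install]
WantedBy=multi-user.target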
vi /usr/lib/systemd/system/nmb1.service
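# nmbd (NetBIOS name service) for the SMB1 instance. The instance-specific
# options (-s/-l) are read from /etc/sysconfig/samba.SMB1 as $NMBDOPTIONS.
[Unit]
Description=Samba NMB1 Daemon
Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=notify
# Must match "pid directory" in this instance's smb.conf (/var/run/samba/SMB1).
PIDFile=/var/run/samba/SMB1/nmbd.pid
# The leading "-" makes this file optional: if it is missing, $NMBDOPTIONS is
# empty and nmbd starts without -s, i.e. with its default configuration file
# instead of this instance's interface-bound one.
EnvironmentFile=-/etc/sysconfig/samba.SMB1
ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB1/krb5cc_samba
[Install]
WantedBy=multi-user.target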
vi /usr/lib/systemd/system/nmb2.service
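# nmbd (NetBIOS name service) for the SMB2 instance. The instance-specific
# options (-s/-l) are read from /etc/sysconfig/samba.SMB2 as $NMBDOPTIONS.
[Unit]
Description=Samba NMB2 Daemon
Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=notify
# Must match "pid directory" in this instance's smb.conf (/var/run/samba/SMB2).
PIDFile=/var/run/samba/SMB2/nmbd.pid
# The leading "-" makes this file optional: if it is missing, $NMBDOPTIONS is
# empty and nmbd starts without -s, i.e. with its default configuration file
# instead of this instance's interface-bound one.
EnvironmentFile=-/etc/sysconfig/samba.SMB2
ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
Environment=KRB5CCNAME=FILE:/var/run/samba/SMB2/krb5cc_samba
[Install]
WantedBy=multi-user.target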
Step 5 – Create local users:
# Local account "test"; its home directory is the path exported by the [test] share.
useradd -d /tmp/test test
# -c selects the instance's smb.conf, -a adds the user to that instance's password
# database. Each instance has its own "private dir", so the account is added once
# per instance (smbpasswd prompts for the password each time).
smbpasswd -c /etc/samba/smb.conf.SMB1 -a test
smbpasswd -c /etc/samba/smb.conf.SMB2 -a test
Step 6 – Enable & Start the new services:
# Make systemd read the newly created unit files.
systemctl daemon-reload
# Start all four units at boot.
systemctl enable nmb2
systemctl enable smb2
systemctl enable smb1
systemctl enable nmb1
# Start the nmbd units first, then the smbd units; this matches the After=
# ordering declared in smb1.service and smb2.service.
systemctl start nmb1
systemctl start nmb2
systemctl start smb1
systemctl start smb2
Step 6 – Test the share:
Ideally from a different Linux machine,
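mkdir /tmp/1
# No password= option is given: mount.cifs prompts for the password, which keeps
# it out of the shell history and the process list.
# vers=1.0 checks that the SMB1 instance accepts the legacy dialect.
mount -t cifs //SMB1.domain.tld/test /tmp/1 -o username=test,vers=1.0
umount /tmp/1
# vers=2.0 checks the SMB2 instance.
mount -t cifs //SMB2.domain.tld/test /tmp/1 -o username=test,vers=2.0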