第十七周作业

1、利用SAMBA实现指定目录共享

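# Samba server preparation: install the package, create the SMB accounts and
# build the directory that will be shared. Run as root on the Samba server.

# install samba
dnf install samba

# create samba user and group
# The accounts get /sbin/nologin: they exist for SMB authentication only and
# cannot be used for an interactive shell login.
groupadd -r admins
useradd -s /sbin/nologin -G admins admin
# smbpasswd -a prompts for the SMB password and adds the user to Samba's
# password database, which is separate from /etc/shadow.
smbpasswd -a admin
useradd -s /sbin/nologin jay
smbpasswd -a jay

# create shared folder
# -p also creates /data when it does not exist yet.
mkdir -p /data/smbshare
# The command that changes the group owner is chgrp ("chgroup" is not a
# command, so the group would never be set).
chgrp admins /data/smbshare
# 2775 = setgid bit (new files inherit group admins) + rwx for owner and group,
# r-x for everyone else.
chmod 2775 /data/smbshare
# NOTE(review): on a host with SELinux enforcing, the directory also needs the
# samba_share_t label before smbd may serve it - confirm for this system.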

# configure samba server
vim /etc/samba/smb.conf
[share]
# Directory on the server that is exported under the share name "share".
path = /data/smbshare
# Members of the Unix group admins get write access. No "read only" /
# "writable" line is set, so other users presumably stay at Samba's read-only
# default - confirm with testparm.
# NOTE(review): no "valid users" line is present, so any account that can
# authenticate to Samba can connect to this share - confirm that is intended.
write list = @admins

# Server side: start smbd and nmbd now and enable them at boot.
systemctl enable --now smb nmb

# samba client
# cifs-utils provides the mount helper for SMB/CIFS shares.
yum -y install cifs-utils

mkdir /mnt/jay
# Only the user name is passed, so mount prompts for the password; it does not
# end up in the shell history or the process list.
mount -o username=jay //smbserver/share /mnt/jay


# NOTE(review): on the server these repeat what "enable --now" already did; on
# the client they are not needed for mounting - confirm which host was meant.
systemctl start smb
systemctl start nmb

 

2、实现不同samba用户访问相同的samba共享,实现不同的配置

 # create 3 samba user
# Create the three Unix accounts first (no login shell), then enrol each one in
# Samba's password database; smbpasswd prompts interactively for every user.
for account in smb1 smb2 smb3; do
  useradd -s /sbin/nologin "$account"
done
for account in smb1 smb2 smb3; do
  smbpasswd -a "$account"
done

# configure samba
vim /etc/samba/smb.conf
# "config file" is a global parameter, so it belongs in the [global] section.
# %U expands to the session user name the client asked for: Samba switches to
# /etc/samba/conf.d/<user> when that file exists and keeps using this file
# when it does not (here: smb3 and everyone else).
# NOTE(review): keep conf.d and the files in it owned by root and not writable
# by anyone else; whoever can write them controls that user's share settings.
config file=/etc/samba/conf.d/%U
[share]
path=/data/dir
read only=NO
# NOTE(review): guest access together with "read only=NO" can let
# unauthenticated clients write wherever the filesystem permissions of
# /data/dir allow, and it makes the write list below redundant. Confirm that
# guest access is really wanted on this share.
guest ok=yes
write list=@wheel

# separate config for smb1 and smb2
vim /etc/samba/conf.d/smb1
[share]
# For smb1 the same share name is backed by a different directory.
path=/data/dir1
# Lifts Samba's read-only restriction only; smb1 still needs write permission
# on /data/dir1 at the filesystem level.
read only=NO
# Upper bound on the permission bits of files smb1 creates: at most rw-r--r--.
create mask=0644

vim /etc/samba/conf.d/smb2
[share]
# For smb2 the share points at /data/dir2. No "read only" line is given, so
# the share presumably stays at Samba's read-only default for this user -
# confirm with testparm.
path=/data/dir2

# Restart so smbd and nmbd pick up the edited files. Running testparm first
# catches syntax errors before the services are bounced.
systemctl restart smb nmb
 

3、远程主机通过链接openvpn修复内网里 httpd 服务主机,假如现在 httpd 宕机了,我们需要链接进去让 httpd 启动

# install openvpn on server machine
yum -y install openvpn
yum -y install easy-rsa

# init pki
# The easyrsa commands are run from inside an easy-rsa working directory
# (note the ./ prefix); init-pki creates an empty pki/ tree there.
./easyrsa init-pki
# NOTE(review): "nopass" leaves the CA private key unencrypted on disk. Anyone
# who can read it can issue certificates this VPN will trust, so outside a lab
# the CA key should be passphrase-protected and kept off the VPN server.
./easyrsa build-ca nopass
# Server key without a passphrase, so the daemon can start unattended.
./easyrsa gen-req server nopass
# Sign the request "server" as certificate type "server".
./easyrsa sign server server
# Diffie-Hellman parameters, referenced by the "dh" line in server.conf.
./easyrsa gen-dh

# config client crt
# The import-req path below shows that jay's request lives in a separate
# easy-rsa directory (/etc/openvpn/easy-rsa-client/3); presumably gen-req is
# run there and import-req/sign in the CA directory - confirm.
./easyrsa gen-req jay nopass
./easyrsa import-req /etc/openvpn/easy-rsa-client/3/pki/reqs/jay.req jay
# Sign the imported request as certificate type "client".
./easyrsa sign client jay

# copy certificates to corresponding folders
# Each side needs only ca.crt plus its own certificate and private key. Keep
# the .key files readable by their owner only, and never copy the CA private
# key to the client.

# config openvpn
vim /etc/openvpn/server.conf
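# OpenVPN server configuration: routed (tun) VPN over TCP port 1194.
port 1194
proto tcp
dev tun
# CA certificate, server certificate/key and DH parameters from easy-rsa.
# server.key is a private key: keep it readable by root only.
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key
dh /etc/openvpn/certs/dh.pem
# Address pool handed out to VPN clients: network 10.8.0.0, netmask /24.
server 10.8.0.0 255.255.255.0
# Tell clients to reach the internal network 172.30.0.0/24 through the tunnel.
push "route 172.30.0.0 255.255.255.0"
keepalive 10 120
# Has to be the same cipher as in the client profile.
# NOTE(review): newer OpenVPN releases prefer an AEAD cipher such as
# AES-256-GCM - confirm against the installed version before changing it.
cipher AES-256-CBC
# NOTE(review): compression inside a VPN tunnel can leak plaintext through
# compressed-size side channels (VORACLE) and is deprecated upstream; consider
# removing both compress lines here and the one in the client profile.
compress lz4-v2
# The pushed option has to be spelled "compress" for clients to accept it.
push "compress lz4-v2"
max-clients 2048
# Drop root privileges once initialisation is done.
user openvpn
group openvpn
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 200
# NOTE(review): no tls-crypt / tls-auth key is configured, so the TLS handshake
# is reachable by unauthenticated peers; consider adding one on both sides.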

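# iptables
# Enable IPv4 forwarding so the server can route between the tunnel and the
# internal network. The kernel key is net.ipv4.ip_forward, and the whole
# setting is quoted: written as "= 1>>", the shell reads "1>>" as a
# redirection of file descriptor 1 and the value never reaches the file.
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
# Load /etc/sysctl.conf now instead of waiting for the next reboot.
sysctl -p
# Source-NAT traffic coming from the VPN pool 10.8.0.0/24. The redirection
# sits outside the quotes so the rule is appended to rc.local rather than
# printed to the terminal.
echo 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE' >> /etc/rc.d/rc.local
# rc.local is only executed at boot when it is executable.
chmod +x /etc/rc.d/rc.local
# The rule above takes effect at the next boot; run the same iptables command
# once by hand to apply it immediately.
# NOTE(review): forwarding is enabled without any FORWARD-chain restriction,
# so VPN clients can reach everything this host can route to. Consider
# limiting forwarded traffic from 10.8.0.0/24 to the network that is meant to
# be reachable.

# start openvpn
systemctl enable --now openvpn@server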

# client side
vim /etc/openvpn/client/jay/client.ovpn
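# OpenVPN client profile for user jay.
client
dev tun
proto tcp
# Address and port of the OpenVPN server.
remote 10.0.0.8 1194
resolv-retry infinite
nobind
# Relative paths: ca.crt, jay.crt and jay.key sit next to this file.
# jay.key is a private key; keep it readable by its owner only.
ca ca.crt
cert jay.crt
key jay.key
# Only accept a peer whose certificate is marked for server use, so another
# client certificate from the same CA cannot pose as the server.
remote-cert-tls server
# Has to be the same cipher as on the server; the name is AES-256-CBC.
cipher AES-256-CBC
verb 3
# Keep in step with the server: if compression is removed there, remove it
# here as well.
compress lz4-v2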
