实验开始前:

[root@localhost ~]# systemctl stop firewalld

 

SMB文件共享

通用Internet文件系统(CIFS)也称为服务器信息块(SMB),是适用于MicrosoftWindows服务器和客户端的标准文件和打印机共享系统。Samba服务可用于将Linux文件系统作为CIFS/SMB网络文件共享进行共享,并将Linux打印机作为CIFS/SMB打印机共享进行共享

Samba服务的组成部分

1. 软件包:

Samba-common – Samba的支持文件

Samba-client – 客户端应用程序

Samba – 服务器应用程序

2. 服务名称:smb nmb

3. 服务端口: 通常使用TCP/445进行所有连接。还使用UDP137、UDP138和TCP/139进行向后兼容

4. 主配置文件:/etc/samba/smb.conf

 

 

1)服务的安装:

[root@localhost ~]# yum install samba samba-client.x86_64 samba-common -y

[root@localhost ~]# systemctl start smb nmb

[root@localhost ~]# systemctl enable smb nmb

 

2)添加smb用户

[root@localhost ~]# id student

uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

[root@localhost ~]# smbpasswd -a student    ##添加samba用户

New SMB password:

Retype new SMB password:

Added user student.

 

[root@localhost ~]# smbclient -L //172.25.254.113

Enter root's password:

Connection to 172.25.254.113 failed (Error NT_STATUS_CONNECTION_REFUSED)

 

[root@localhost ~]# pdbedit -L    ##查看smb用户信息

student:1000:Student User

 

[root@localhost ~]# setsebool -P samba_enable_home_dirs on##在selinux中设定smb用户可以访问自己的家目录

Boolean enable_samba_home_dirs is not defined

[root@localhost ~]# getsebool -a | grep samba

samba_第1张图片

    

[root@localhost ~]# smbpasswd -x student    ##删除samba用户

 

测试:

[root@localhost ~]# smbclient  //172.25.254.113/student -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Thu Jul 10 19:06:52 2014

  ..                                  D        0  Thu Jul 10 18:19:09 2014

  .bash_logout                        H       18  Wed Jan 29 07:45:18 2014

  .bash_profile                       H      193  Wed Jan 29 07:45:18 2014

  .bashrc                             H      231  Wed Jan 29 07:45:18 2014

  .ssh                               DH        0  Thu Jul 10 18:19:10 2014

  .config                            DH        0  Thu Jul 10 19:06:53 2014

 

40913 blocks of size 262144. 28503 blocks available

smb: \> quit

[root@localhost ~]#

 

 

 

 

3)共享目录的基本设定

 

[root@localhost ~]# vim /etc/samba/smb.conf

321    [haha]            ##共享目录

322    comment = local directory    ##对共享目录的描述

323    path = /smbshare        ##共享目录的绝对路径

89     workgroup = WESTOS    ##组名的更改(可改可不改,如果改就在这改)

 

[root@localhost ~]# systemctl restart smb.service

 

####当共享目录为用户自建立目录时

[root@localhost ~]# mkdir /smbshare    ##自己建立的文件

[root@localhost ~]# touch /smbshare/westosha

[root@localhost ~]# semanage fcontext -a -t samba_share_t '/smbshare(/.*)?'        ##安全上下文的统一

[root@localhost ~]# restorecon -RvvF /smbshare刷新

context system_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

restorecon reset /smbshare/westosha context system_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

 

测试:

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

NT_STATUS_ACCESS_DENIED listing \*

smb: \> quit

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 14:25:33 2017

  ..                                  D        0  Sat Jun  3 14:25:16 2017

  westosha                            N        0  Sat Jun  3 14:25:33 2017

 

10473900 blocks of size 1024. 7296000 blocks available

smb: \> quit

 

[root@localhost ~]# setsebool -P samba_enable_home_dirs 0

[root@localhost ~]# systemctl restart smb.service

[root@localhost ~]# cd /mnt

[root@localhost mnt]# ls

[root@localhost mnt]# touch file{1..5}

[root@localhost mnt]# ls

file1  file2  file3  file4  file5

[root@localhost mnt]# getsebool -a | grep samba

samba_create_home_dirs --> off

samba_domain_controller --> off

samba_enable_home_dirs --> off

samba_export_all_ro --> off

samba_export_all_rw --> off

samba_portmapper --> off

samba_run_unconfined --> off

samba_share_fusefs --> off

samba_share_nfs --> off

sanlock_use_samba --> off

use_samba_home_dirs --> off

virt_sandbox_use_samba --> off

virt_use_samba --> off

 

 

####当共享目录为系统建立目录

[root@localhost mnt]# setsebool -P samba_export_all_ro on##只读共享

[root@localhost mnt]# systemctl restart smb.service

[root@localhost mnt]# getsebool -a | grep samba

samba_create_home_dirs --> off

samba_domain_controller --> off

samba_enable_home_dirs --> off

samba_export_all_ro --> on

samba_export_all_rw --> off##读写共享

samba_portmapper --> off

samba_run_unconfined --> off

samba_share_fusefs --> off

samba_share_nfs --> off

sanlock_use_samba --> off

use_samba_home_dirs --> off

virt_sandbox_use_samba --> off

virt_use_samba --> off

 

 

 

[root@localhost smbshare]# vim /etc/samba/smb.conf

321         [haha]

322         comment = local directory

323         path = /mnt

 

[root@localhost smbshare]# systemctl restart smb.service

 

测试:

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U student

Enter student's password:

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 14:36:40 2017

  ..                                  D        0  Sat Jun  3 14:25:16 2017

  file1                               N        0  Sat Jun  3 14:36:40 2017

  file2                               N        0  Sat Jun  3 14:36:40 2017

  file3                               N        0  Sat Jun  3 14:36:40 2017

  file4                               N        0  Sat Jun  3 14:36:40 2017

  file5                               N        0  Sat Jun  3 14:36:40 2017

 

10473900 blocks of size 1024. 7305632 blocks available

smb: \>

 

 

 

 

 

4)samba的配置参数

 

更改完配置文件时刻重启生效:systemctl restart smb.service

 

vim /etc/samba/smb.conf    

       guest ok = yes    ##匿名用户的访问

       map to guest = bad user


测试:

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha

Enter kiosk's password: ##直接跳过不用输密码,smb用户里面没有kiosk

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 14:36:40 2017

  ..                                  D        0  Sat Jun  3 14:25:16 2017

  file1                               N        0  Sat Jun  3 14:36:40 2017

  file2                               N        0  Sat Jun  3 14:36:40 2017

  file3                               N        0  Sat Jun  3 14:36:40 2017

  file4                               N        0  Sat Jun  3 14:36:40 2017

  file5                               N        0  Sat Jun  3 14:36:40 2017

 

10473900 blocks of size 1024. 7305624 blocks available

smb: \> quit

 

###访问控制

 

1.hosts allow = ip##仅允许当前ip


测试:

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U student

Enter student's password:

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 14:36:40 2017

  ..                                  D        0  Sat Jun  3 14:25:16 2017

  file1                               N        0  Sat Jun  3 14:36:40 2017

  file2                               N        0  Sat Jun  3 14:36:40 2017

  file3                               N        0  Sat Jun  3 14:36:40 2017

  file4                               N        0  Sat Jun  3 14:36:40 2017

  file5                               N        0  Sat Jun  3 14:36:40 2017

 

10473900 blocks of size 1024. 7303804 blocks available

smb: \> quit

 

2.hosts deny = ip    ##仅拒绝当前ip


测试:

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U student

Enter student's password:

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

tree connect failed: NT_STATUS_ACCESS_DENIED

 

3.

valid users = 用户        ##当前共享的有效用户

valid users = @westos或+westos  ##当前共享的有效用户为westos组

 

测试:

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U westos

Enter westos's password:

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 14:36:40 2017

  ..                                  D        0  Sat Jun  3 14:25:16 2017

  file1                               N        0  Sat Jun  3 14:36:40 2017

  file2                               N        0  Sat Jun  3 14:36:40 2017

  file3                               N        0  Sat Jun  3 14:36:40 2017

  file4                               N        0  Sat Jun  3 14:36:40 2017

  file5                               N        0  Sat Jun  3 14:36:40 2017

 

10473900 blocks of size 1024. 7303804 blocks available

smb: \> quit

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U student

Enter student's password:

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

tree connect failed: NT_STATUS_ACCESS_DENIED

 

[root@localhost smbshare]# usermod -G westos student

 

[root@foundation13 Desktop]# smbclient  //172.25.254.113/haha -U student

Enter student's password:

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 14:36:40 2017

  ..                                  D        0  Sat Jun  3 14:25:16 2017

  file1                               N        0  Sat Jun  3 14:36:40 2017

  file2                               N        0  Sat Jun  3 14:36:40 2017

  file3                               N        0  Sat Jun  3 14:36:40 2017

  file4                               N        0  Sat Jun  3 14:36:40 2017

  file5                               N        0  Sat Jun  3 14:36:40 2017

 

10473900 blocks of size 1024. 7303804 blocks available

smb: \> quit

 

 

 

###读写控制

 

所有用户均可写

[root@localhost smbshare]# chmod o+w /mnt

[root@localhost smbshare]# setsebool -P samba_export_all_rw on

[root@localhost smbshare]# vim /etc/samba/smb.conf

        [haha]

        comment = local directory

        path = /mnt

        writable = yes    ##读写控制打开

        admin user = westos    ##允许用户westos

[root@localhost smbshare]# systemctl restart smb.service

 

 

测试:

[root@foundation13 Desktop]# mount -o username=westos,password=westos //172.25.254.113/haha /mnt/

[root@foundation13 Desktop]# cd /mnt

[root@foundation13 mnt]# ls

file1  file2  file3  file4  file5

[root@foundation13 mnt]# touch file6

[root@foundation13 mnt]# ls

file1  file2  file3  file4  file5  file6

 

 

设定指定用户可写

write list = student##可写用户

write list = +student##可写用户组

write list = @student

admin users = westos##共享的超级用户指定

 

 

 

 

 

 

5)smb多用户挂载

client上

[root@foundation13 mnt]# vim /root/haha

  1 username=student

  2 password=student

                     

 

测试:

[root@foundation13 mnt]# chmod 600 /root/haha

[root@foundation13 mnt]# yum install cifs-utils -y

[root@foundation13 mnt]# mount -o credentials=/root/haha,multiuser,sec=ntlmssp //172.25.254.113/haha /mnt/

#credentials=/root/haha    ##指定挂载时所用到的用户文件

#multiuser           ##支持多用户认证

#sec=ntlmssp          ##认证方式为标准smb认证方式

[root@foundation13 mnt]# ls

file

 

[root@foundation13 mnt]# su - kiosk

Last login: Sat Jun  3 16:43:08 CST 2017 on pts/5

[kiosk@foundation13 ~]$ ls /mnt/

ls: cannot access /mnt/: Permission denied##因为没有做smb的认证所以无法访问smb共享

[kiosk@foundation13 ~]$ cifscreds add -u westos 172.25.254.113

Password:

[kiosk@foundation13 ~]$ ls /mnt

file