samba

1. What Samba does

Provides file sharing over the CIFS protocol.

2. Installation

yum install samba samba-common samba-client -y

systemctl start smb nmb

systemctl enable smb nmb

3. Adding an SMB user

The user must already exist as a system account.

[root@westos ~]# id student

uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

[root@westos ~]# smbpasswd -a student  # create the SMB user

New SMB password:

Retype new SMB password:

Added user student.

[root@westos ~]# pdbedit -L  # list SMB users

student:1000:Student User

[root@westos ~]# pdbedit -x student  # delete the SMB user

[root@westos ~]# pdbedit -L

[root@westos ~]# setsebool -P samba_enable_home_dirs on  # let SELinux allow users to access their own home directories

Test

[root@westos ~]# smbclient //172.25.254.114/student -U student

Enter student's password: 

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Thu Jul 10 19:06:52 2014

  ..                                  D        0  Thu Jul 10 18:19:09 2014

  .bash_logout                        H       18  Wed Jan 29 07:45:18 2014

  .bash_profile                       H      193  Wed Jan 29 07:45:18 2014

  .bashrc                             H      231  Wed Jan 29 07:45:18 2014

  .ssh                               DH        0  Thu Jul 10 18:19:10 2014

  .config                            DH        0  Thu Jul 10 19:06:53 2014


40913 blocks of size 262144. 28544 blocks available

4. Sharing a directory

[root@westos ~]# vim /etc/samba/smb.conf 

        # share name
        [jj]

        # description of the share
        comment = local.public

        # absolute path of the shared directory
        path = /mnt

        # workgroup for the share
        workgroup = WESTOS

When the shared directory is one you created yourself

[root@westos mnt]# mkdir /smbshare

[root@westos mnt]# touch /smbshare/westosxxx

[root@westos mnt]# vim /etc/samba/smb.conf 

        [jj]

        comment = local.public

        path = /smbshare

[root@westos mnt]# setsebool -P samba_enable_home_dirs 0

[root@westos mnt]# semanage fcontext -a -t samba_share_t '/smbshare(/.*)?'

/etc/selinux/targeted/contexts/files/file_contexts.local:  line 4 has invalid regex /smbshare(/.*)?:  missing )

PCRE compilation failed for ^/smbshare(/.*)?$ at offset 21: missing )

libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local

/etc/selinux/targeted/contexts/files/file_contexts.local:  line 4 has invalid regex /smbshare(/.*)?:  missing )

PCRE compilation failed for ^/smbshare(/.*)?$ at offset 21: missing )

libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local

ValueError: Could not commit semanage transaction

[root@westos mnt]# restorecon -RvvF /smbshare

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password: 

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 02:36:48 2017

  ..                                  D        0  Sat Jun  3 02:36:38 2017

  westosxxx                           N        0  Sat Jun  3 02:36:48 2017


40913 blocks of size 262144. 28544 blocks available

smb: \> 

semanage fcontext -a -t samba_share_t 'DIRECTORY(/.*)?'  # set the SELinux security context

restorecon -RvvF DIRECTORY



When the shared directory is a system directory

[root@westos ~]# touch /mnt/file{1..10}

[root@westos ~]# cd /mnt

[root@westos mnt]# ls

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password: 

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Thu Jul 10 19:06:52 2014

  ..                                  D        0  Thu Jul 10 18:19:09 2014

  .bash_logout                        H       18  Wed Jan 29 07:45:18 2014

  .bash_profile                       H      193  Wed Jan 29 07:45:18 2014

  .bashrc                             H      231  Wed Jan 29 07:45:18 2014

  .ssh                               DH        0  Thu Jul 10 18:19:10 2014

  .config                            DH        0  Thu Jul 10 19:06:53 2014


40913 blocks of size 262144. 28545 blocks available

smb: \> 

[root@westos mnt]# setsebool -P samba_export_all_ro on  # read-only sharing

[root@westos mnt]# setsebool -P samba_export_all_rw on  # read-write sharing

[root@westos ~]# setsebool -P samba_enable_home_dirs on

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password: 

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 02:28:28 2017

  ..                                  D        0  Sat Jun  3 01:30:28 2017

  file1                               N        0  Sat Jun  3 02:28:28 2017

  file2                               N        0  Sat Jun  3 02:28:28 2017

  file3                               N        0  Sat Jun  3 02:28:28 2017

  file4                               N        0  Sat Jun  3 02:28:28 2017

  file5                               N        0  Sat Jun  3 02:28:28 2017

  file6                               N        0  Sat Jun  3 02:28:28 2017

  file7                               N        0  Sat Jun  3 02:28:28 2017

  file8                               N        0  Sat Jun  3 02:28:28 2017

  file9                               N        0  Sat Jun  3 02:28:28 2017

  file10                              N        0  Sat Jun  3 02:28:28 2017


40913 blocks of size 262144. 28545 blocks available

smb: \> 



Anonymous user login

[root@westos mnt]# smbclient //172.25.254.114/jj 

Enter root's password: 

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

tree connect failed: NT_STATUS_ACCESS_DENIED

[root@westos mnt]# vim /etc/samba/smb.conf 

        security = user

        passdb backend = tdbsam

        map to guest = bad user

        [jj]

        comment = local.public

        path = /smbshare

        guest ok = yes

[root@westos mnt]# systemctl  restart smb.service 

[root@westos mnt]# smbclient //172.25.254.114/jj 

Enter root's password: 

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Sat Jun  3 02:36:48 2017

  ..                                  D        0  Sat Jun  3 02:36:38 2017

  westosxxx                           N        0  Sat Jun  3 02:36:48 2017


40913 blocks of size 262144. 28545 blocks available

smb: \> 

Access control

# allow only the listed hosts
hosts allow = DOMAIN_NAME

# deny only the listed hosts
hosts deny = DOMAIN_NAME

        [jj]

        comment = local.public

        path = /smbshare

        # user allowed to use this share
        valid users = westos

        # group allowed to use this share
        valid users = +westos

        # group allowed to use this share
        valid users = @westos

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password: 

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

tree connect failed: NT_STATUS_ACCESS_DENIED

Writable by all users

On the server

[root@westos mnt]# vim /etc/samba/smb.conf 

       [jj]

        comment = local.public

        path = /mnt

        # whether the share is writable
        writable = yes

[root@westos mnt]# setsebool -P samba_export_all_rw on  

[root@westos mnt]# chmod o+w /mnt

On the client

[root@foundation14 ~]# mount -o username=student,password=westos //172.25.254.114/jj /mnt/  # username/password: the SMB user name and password; //172.25.254.114/jj: the SMB share

[root@foundation14 ~]# cd /mnt

[root@foundation14 mnt]# ls

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9  jj

[root@foundation14 mnt]# touch kill

[root@foundation14 mnt]# ls

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9  jj  kill

[root@foundation14 mnt]# 

Writable by specified users

# user allowed to write
write list = student

# group allowed to write
write list = +student

write list = @student

# users designated as superuser on the share
admin users = westos
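
The share options covered above (guest ok, writable, valid users, admin users) together decide who can reach a share and who can change its contents. The following added example, which is not part of the original notes, classifies each share in an smb.conf by those options; the sample config and the share names pub, docs and team are constructed, and the awk logic is a simplified reading of the file, not Samba's own parser.

```shell
# Added example (not from the original notes). The sample config is constructed.
sample_conf() {
cat <<'EOF'
[global]
        map to guest = bad user
[jj]
        path = /smbshare
        guest ok = yes
        writable = yes
[pub]
        Guest OK = yes
[docs]
        valid users = @westos
[team]
        read only = no
        admin users = westos
EOF
}
# audit_shares [FILE]: read smb.conf from FILE or stdin, print "share: verdict".
audit_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function yes(v)  { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(   verdict) {
        if (sec == "" || sec == "global") return
        verdict = "restricted"
        if (guest && write)       verdict = "guest-writable"
        else if (guest)           verdict = "guest-readable"
        else if (write && !users) verdict = "writable-by-any-smb-user"
        if (admin) verdict = verdict ", admin-users"
        print sec ": " verdict
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]*\[/ { report(); sec = trim($0); sec = tolower(substr(sec, 2, length(sec) - 2))
                  guest = write = users = admin = 0; next }
    {
        i = index($0, "="); if (!i) next
        k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)  # names ignore case and spaces
        v = trim(substr($0, i + 1))
        if      (k == "guestok" || k == "public")                       guest = yes(v)
        else if (k == "writable" || k == "writeable" || k == "writeok") write = yes(v)
        else if (k == "readonly")   write = !yes(v)     # inverted synonym of writable
        else if (k == "validusers") users = (v != "")
        else if (k == "adminusers") admin = (v != "")
    }
    END { report() }
    ' "$@"
}
sample_conf | audit_shares
```

On a real server, feed it the output of `testparm -s` instead of the raw file so that the configuration has been parsed and normalized by Samba first.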

SMB multiuser mount

On the client (not on the server)

[root@foundation14 ~]# vim /root/westos

username=student

password=westos

[root@foundation14 ~]# chmod 600 /root/westos

[root@foundation14 ~]# yum install cifs-utils -y

[root@foundation14 ~]# mount -o credentials=/root/westos,multiuser,sec=ntlmssp //172.25.254.114/jj /mnt/

credentials=/root/westos  the credentials file used for the mount

sec=ntlmssp  the SMB authentication method

multiuser  enables multi-user authentication



Test

su - kiosk

ls /mnt

[kiosk@foundation14 ~]$ ls /mnt

ls: cannot access /mnt: Permission denied    # not authenticated, so access is denied

[kiosk@foundation14 ~]$ cifscreds add -u student 172.25.254.114  # authenticate

Password: 

[kiosk@foundation14 ~]$ ls /mnt

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9  jj  kill