samba搭建

samba搭建

    • 搭建用户认证共享服务器
    • 配置匿名共享
    • RHCE Samba考题实例

搭建用户认证共享服务器

  1. 使用yum命令安装Samba 服务器
[root@ming ~]# yum -y install samba-*

  1. 映射共享目录, 创建用户KK
[root@ming ~]# useradd -M KK
  1. 为KK用户创建smb共享密码
[root@ming ~]# smbpasswd -a KK
New SMB password:
Retype new SMB password:
Added user KK.
[root@ming ~]# 

  1. 假设这里映射KK为share用户,那么就要在/etc/samba/smbusers文件中添加以下内容
[root@ming ~]# echo 'KK = share' > /etc/samba/smbusers
[root@ming ~]# 

[root@ming ~]# vim /etc/samba/smb.conf
5. 在配置文件中添加以下内容

#======================= Global Settings =====================================

[global]
         workgroup = SAMBA
        security = user
        username map = /etc/samba/smbusers


  1. 创建一个共享目录KK
[root@ming ~]# mkdir /opt/KK
[root@ming ~]# chown -R KK.KK /opt/KK
[root@ming ~]# ll /opt/
total 0
drwxr-xr-x. 2 KK KK 6 Jan 15 10:24 KK

[root@ming ~]# 
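  1. 配置共享(注意:guest ok = yes 及其同义词 public = yes 表示该共享允许来宾连接,与本节"用户认证共享"的目标不一致;若只允许通过认证的用户访问,应设为 no,并用 valid users 限定用户)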
[root@ming ~]# vim /etc/samba/smb.conf
[KK]
        comment = KK
        path = /opt/KK
        browseable = yes
        guest ok = yes
        writable = yes
        write list = share
        public = yes


  1. 启动服务
[root@ming yum.repos.d]# vim /etc/samba/smb.conf
[root@ming yum.repos.d]# systemctl restart smb
[root@ming yum.repos.d]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@ming yum.repos.d]# systemctl status smb
smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)
   Active: active (running) since Tue 2019-01-15 10:28:14 EST; 11s ago
 Main PID: 2926 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─2926 /usr/sbin/smbd
           └─2927 /usr/sbin/smbd

Jan 15 10:28:14 ming smbd[2926]: [2019/01/15 10:28:14.347570,  0] ../lib/util/become_daemon.c:13...ady)
Jan 15 10:28:14 ming systemd[1]: Started Samba SMB Daemon.
Jan 15 10:28:14 ming smbd[2927]: STATUS=daemon 'smbd' finished starting up and ready to serve co...SFUL
Hint: Some lines were ellipsized, use -l to show in full.
[root@ming yum.repos.d]# systemctl reload smb


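  1. 关闭防火墙和selinux(仅适用于临时实验环境:setenforce 0 只在本次开机期间有效,firewalld 仍是 enabled 状态,重启后会再次启动并拦截访问。更稳妥的做法是保持两者开启,用 firewall-cmd 放行 samba 服务,并给共享目录设置 samba_share_t 上下文,见下文考题实例)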
[root@ming ~]# getenforce 
Enforcing
[root@ming ~]# setenforce 
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@ming ~]# setenforce 0
[root@ming ~]# getenforce 
Permissive


[root@ming ~]# systemctl stop firewalld
[root@ming ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Tue 2019-01-15 11:09:58 EST; 14s ago
  Process: 3135 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 3135 (code=exited, status=0/SUCCESS)

Jan 15 11:09:49 ming systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 15 11:09:49 ming systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 15 11:09:58 ming systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jan 15 11:09:58 ming systemd[1]: Stopped firewalld - dynamic firewall daemon.




  1. 在客户机安装smb包
[root@localhost ~]# yum -y install samba-client


  1. 在客户机查看Samba服务器有哪些共享资源
[root@localhost ~]# smbclient -L \\192.168.120.222 -U share
Enter share's password: 

Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
	KK              Disk      KK
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

	Server               Comment
	---------            -------
	MING                 Samba Server Version 4.1.1

	Workgroup            Master
	---------            -------
	MYGROUP              MING

  1. 基于挂载的方式访问(注意:password= 直接写在命令行里会留在shell历史和进程列表中;可以省略该选项让mount交互式询问密码,或改用 credentials=文件路径 并把该文件权限设为600)
[root@localhost ~]# mkdir /opt/smb
[root@localhost ~]# mount -t cifs //192.168.120.222/KK /opt/smb -o username=share,password=1
[root@localhost ~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root   18G  870M   17G   5% /
devtmpfs               908M     0  908M   0% /dev
tmpfs                  914M     0  914M   0% /dev/shm
tmpfs                  914M  8.5M  905M   1% /run
tmpfs                  914M     0  914M   0% /sys/fs/cgroup
/dev/sda1              497M   96M  401M  20% /boot
//192.168.120.222/KK    18G  946M   17G   6% /opt/smb

  1. 在windows客户机上访问
    samba搭建_第1张图片

配置匿名共享

  1. 使用yum命令安装Samba服务
[root@localhost ~]# yum -y install samba-*
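  1. 在全局配置中添加以下内容(Bad User 是 map to guest 的取值而不是用户名:用户名不存在的登录会被映射为来宾账户,用户名存在但密码错误的登录仍会被拒绝。下文客户端命令里的 'Bad User' 只是一个服务器上不存在的用户名)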
[root@localhost yum.repos.d]# vim /etc/samba/smb.conf 
[global]


        workgroup = SAMBA
        security = user
        map to guest = Bad User

  1. 创建一个共享目录pp(chmod 777 会让服务器本机的所有用户都能写入该目录;如果只是要让匿名访问者可写,也可以把目录属主改为Samba的来宾账户,默认是nobody)
[root@localhost ~]# mkdir /opt/pp
[root@localhost ~]# chmod 777 /opt/pp
[root@localhost ~]# ll /opt
total 0
drwxrwxrwx. 2 root root 6 Jan 15 11:30 pp
drwxrwxrwx. 2 1001 1001 0 Jan 15 10:24 smb

  1. 配置共享
[root@localhost ~]# vim /etc/samba/smb.conf 
[pp]
        comment = pp
        path = /opt/pp
        browseable = yes
        guest ok = yes
        writable = yes
        public = yes

5.重启服务

[root@localhost ~]# systemctl restart smb
[root@localhost ~]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@localhost ~]# systemctl status smb
smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)
   Active: active (running) since Tue 2019-01-15 11:48:59 EST; 14s ago
 Main PID: 2879 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─2879 /usr/sbin/smbd
           ├─2880 /usr/sbin/smbd
           └─2882 /usr/sbin/smbd

Jan 15 11:48:59 localhost.localdomain systemd[1]: Starting Samba SMB Daemon...
Jan 15 11:48:59 localhost.localdomain smbd[2879]: [2019/01/15 11:48:59.333618,  0] ../lib/util/be...dy)
Jan 15 11:48:59 localhost.localdomain systemd[1]: Started Samba SMB Daemon.
Jan 15 11:48:59 localhost.localdomain smbd[2880]: STATUS=daemon 'smbd' finished starting up and r...FUL
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# 

  1. 关闭防火墙,selinux(步骤同上一节;仅建议在实验环境这样做,否则应改为在firewalld中放行samba服务并给共享目录设置samba_share_t上下文)
  2. 在客户机查看共享
[root@ming ~]# smbclient -L 192.168.120.110 -U 'Bad User'
Enter Bad User's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

	Sharename       Type      Comment
	---------       ----      -------
	pp              Disk      pp
	IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------

  1. 在客户机上挂载共享目录
[root@ming ~]# mkdir /opt/smb
[root@ming ~]# mount -t cifs //192.168.120.110/pp /opt/smb -o username='Bad User'
[root@ming ~]# df -h 
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root   18G  946M   17G   6% /
devtmpfs               908M     0  908M   0% /dev
tmpfs                  914M     0  914M   0% /dev/shm
tmpfs                  914M  8.5M  905M   1% /run
tmpfs                  914M     0  914M   0% /sys/fs/cgroup
/dev/sda1              497M   96M  401M  20% /boot
/dev/sr0               3.5G  3.5G     0 100% /mnt
//192.168.120.110/pp    18G  946M   17G   6% /opt/smb

RHCE Samba考题实例

题目
实例一
samba搭建_第2张图片
在这里插入图片描述

  1. 根据题目,服务器必须是STAFF工作组的成员,需要更改/etc/samba/smb.conf文件
[root@server30 ~]# vim /etc/samba/smb.conf 
# can set it to SMB2 if you want experimental SMB2 support.
#
        # 更改为STAFF(smb.conf不支持行尾注释,说明文字不要写在参数值后面)
        workgroup = STAFF
        server string = Samba Server Version %v

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.


[common]
        path = common
        browseable = yes



  1. 根据题目共享common目录,发现没有目录需要创建
[root@server30 ~]# ls /common
ls: cannot access /common: No such file or directory
[root@server30 ~]# mkdir /common
[root@server30 ~]# 

  1. 根据题目,只有example.com域内才能访问common目录,需要写防火墙规则。
[root@server30 ~]# systemctl mask iptables.service  ebtables.service 
ln -s '/dev/null' '/etc/systemd/system/iptables.service'
ln -s '/dev/null' '/etc/systemd/system/ebtables.service'
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=samba accept' --permanent
success
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=samba-client accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]# firewall-cmd --list-all

  1. 根据题目,用户natasha能够读取共享中的内容,密码是tangkai。natasha只需要读取权限,但共享的是目录,进入目录还需要x权限,所以用facl授予r-x
[root@server30 ~]# useradd natasha
[root@server30 ~]# smbpasswd -a natasha
New SMB password:
Retype new SMB password:
Added user natasha.
[root@server30 ~]# 

[root@server30 ~]# setfacl -m u:natasha:r-x /common

  1. 因为selinux是开启的,也需要写selinux规则
[root@server30 ~]# setsebool -P samba_enable_home_dirs on
[root@server30 ~]# getsebool -a|grep samba|grep dirs
samba_create_home_dirs --> off
samba_enable_home_dirs --> on
use_samba_home_dirs --> off
[root@server30 ~]# 

[root@server30 ~]# chcon -Rt samba_share_t /common

  1. 重启服务
[root@server30 ~]# systemctl restart smb nmb
[root@server30 ~]# systemctl enable smb nmb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
[root@server30 ~]# systemctl status smb nmb

  1. 在客户端测试挂载共享目录
[root@desktop30 ~]# mount -t cifs -o username=natasha,password=tangkai //172.16.30.130/common /mnt
[root@desktop30 ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root   4.9G  3.0G  1.9G  62% /
devtmpfs                905M     0  905M   0% /dev
tmpfs                   914M   84K  914M   1% /dev/shm
tmpfs                   914M  8.8M  905M   1% /run
tmpfs                   914M     0  914M   0% /sys/fs/cgroup
/dev/sda1               197M  104M   94M  53% /boot
/dev/sr0                3.5G  3.5G     0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.16.30.130/common  4.9G  3.1G  1.9G  62% /mnt
[root@desktop30 ~]# 

实例二:
samba搭建_第3张图片
samba搭建_第4张图片
因为是考试环境,可以在上题基础上做
1.根据题目,共享/storage,需要写/etc/samba/smb.conf配置文件

[root@server30 ~]# mkdir /storage
[root@server30 ~]# chcon -Rt samba_share_t /storage/   # 更改storage上下文(chcon的修改在文件系统重新打标签后会丢失;要持久化可用 semanage fcontext 配合 restorecon)

[root@server30 ~]# vim /etc/samba/smb.conf 
[share]
        path = /storage
        browseable = yes
        valid users = sarah,kitty
        writable = no
        write list = kitty


  1. 根据题目创建用户,并设置Samba密码为tangkai
[root@server30 ~]# useradd sarah
[root@server30 ~]# useradd natasha
useradd: user 'natasha' already exists
[root@server30 ~]# smbpasswd -a sarah
New SMB password:
Retype new SMB password:
Added user sarah.
[root@server30 ~]# useradd kitty
[root@server30 ~]# smbpasswd -a kitty
New SMB password:
Retype new SMB password:
Added user kitty.

  1. 根据题目为storage设置facl权限
[root@server30 ~]# setfacl -m u:sarah:r-x /storage/
[root@server30 ~]# setfacl -m u:kitty:rwx /storage/

4.在客户机上根据题意挂载(注意:/etc/fstab 通常对所有本地用户可读,写在其中的 password= 会被本机其他用户看到;可改用 credentials=文件路径,并把该文件设为仅root可读)

[root@desktop30 ~]# mkdir /mnt/dev

[root@desktop30 ~]# vim /etc/fstab 

//172.16.30.130/share /mnt/dev cifs multiuser,username=sarah,password=tangkai,sec=ntlmssp 0 0 
~    
[root@desktop30 ~]# mount -a
mount: /etc/fstab: parse error: ignore entry at line 13.
mount: (null): mount failed: Invalid argument
[root@desktop30 ~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root  4.9G  3.0G  1.9G  62% /
devtmpfs               905M     0  905M   0% /dev
tmpfs                  914M  140K  914M   1% /dev/shm
tmpfs                  914M  8.8M  905M   1% /run
tmpfs                  914M     0  914M   0% /sys/fs/cgroup
/dev/sda1              197M  104M   94M  53% /boot
/dev/sr0               3.5G  3.5G     0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.16.30.130/share  4.9G  3.1G  1.9G  62% /mnt/dev
[root@desktop30 ~]# cd /

                                                       
  1. 进入挂载目录测试
[root@desktop30 ~]# cd /mnt/dev
[root@desktop30 dev]# ls
[root@desktop30 dev]# 
[root@desktop30 dev]# 
[root@desktop30 dev]# mkdir aa
mkdir: cannot create directory ‘aa’: Permission denied   # 创建不了目录:此时使用的是挂载时指定的sarah的凭据,而sarah对该共享只有只读权限

安装cifs-utils工具测试
[root@desktop30 dev]# yum -y install cifs-utils
[root@desktop30 dev]# su - student  # 需要切换到普通用户才能测试

[student@desktop30 ~]$ cifscreds add -u kitty 172.16.30.130 
Password: 
[student@desktop30 ~]$ cd /mnt/dev
[student@desktop30 dev]$ touch aa
[student@desktop30 dev]$ ls
aa
[student@desktop30 dev]$ ll 
total 0
-rw-r--r--. 1 1003 1003 0 Jan 15 19:43 aa

[root@server30 ~]# id kitty
uid=1003(kitty) gid=1003(kitty) groups=1003(kitty)
[root@server30 ~]#   # uid 1003 即kitty,说明上面的文件aa是以kitty身份创建的
