实验拓扑:
Linux Client
-----RHEL5.9(vmnet1)----------(vmnet1)
Win7 Client
实验一:Samba匿名共享
工作组为Tarena
将目录 /usr/src 共享给所有人
共享名设为 tools
允许所有人访问、无需密码验证
访问权限为只读
一:实验环境准备
三台计算机 一台Samba服务器 一台LinuxClient 一台 WINClient
1)确保三台机器能ping通
2)两台Linux 操作系统机需要配置好 yum.respo文件 并安装好yum库
二.了解Samba服务器配置文件内容及格式
主体五个部分 global homes public printers share
等
1、安装软件包
[root@localhost ~]# rpm -q samba-client samba samba-common
package samba-client is not installed
package samba is not installed
package samba-common is not installed
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# cp rhel-debuginfo.repo rhel-server.repo
[root@localhost yum.repos.d]# cat rhel-server.repo
[rhel-server]
name=Red Hat Enterprise Linux Server
baseurl=file:///misc/cd/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
//放入rhel5.9 iso
[root@localhost yum.repos.d]# yum clean all
[root@localhost yum.repos.d]# yum -y install samba samba-client samba-common
2、修改主配置文件
[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# cp smb.conf smb.conf.bak //备份 由于是新手,为安全起见建议先备份
[root@localhost samba]# vim /etc/samba/smb.conf //设置配置文件
...
74 workgroup = Tarena
75 server string = Win File Ser
...
89 log file = /var/log/samba/%m.log
...
91 max log size = 50
...
101 security = share
...
221 load printers = no //屏蔽共享时看到的打印图标
...
289 [tools]
290 comment = Tools Public
291 path = /usr/src
292 public = yes
293 read only = yes
3、启动服务
[root@localhost ~]# testparm //检测服务是否启动
[root@localhost ~]# service smb restart
[root@localhost ~]# chkconfig smb on
[root@localhost ~]# netstat -anptu | grep mbd //查看
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 7008/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 7008/smbd
udp 0 0 192.168.10.10:137 0.0.0.0:* 7011/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 7011/nmbd
udp 0 0 192.168.10.10:138 0.0.0.0:* 7011/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 7011/nmbd
4、客户端测试:
Windown:
UNC路径 \\192.168.10.253
Linux:
[root@localhost ~]# yum -y install samba-client
[root@localhost ~]# smbclient -L 192.168.10.253
[root@localhost ~]# smbclient //192.168.10.253/tools
[root@localhost ~]# mkdir -p /data/smb
[root@localhost ~]# mount -t cifs //192.168.10.253/tools /data/smb/
[root@localhost ~]# grep smb /etc/fstab
//192.168.10.253/tools /data/smb cifs defaults 0 0
试验二 Samba用户验证
修改原有的 [tools] 匿名共享设置
不再允许所有人访问
只允许nick读取、tom写入
拒绝其他用户或匿名访问
上传目录的权限为755
上传文件的权限为644
1、新建相应账户与samba密码
[root@localhost ~]# useradd nick
[root@localhost ~]# useradd tom
[root@localhost ~]# echo "redhat" | passwd --stdin nick
[root@localhost ~]# echo "redhat" | passwd --stdin tom
[root@localhost ~]# pdbedit -a nick
[root@localhost ~]# pdbedit -a tom
2、修改主配置文件
[root@localhost ~]# vim /etc/samba/smb.conf
...
101 security = user
...
289 [tools]
290 comment = Tools Public
291 path = /usr/src
292 public = no
293 valid users = nick,tom
294 write list = tom
295 read only = yes
296 directory mask = 0755
297 create mask = 0644
...
[root@localhost ~]# setfacl -m u:tom:rwx /usr/src/
3、启动服务
[root@localhost ~]# service smb restart
4、客户端测试
[root@localhost ~]# smbclient -U nick //192.168.10.10/tools
[root@localhost ~]# mount -o username=nick //192.168.10.10/tools /data/smb
试验三 Samba账户别名与访问地址控制
把普通帐户nick设置别名为jim
设置只允许192.168.10.20地址访问
1、修改Samba用户别名文件
[root@localhost ~]# vim /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
nick = jim
2、修改主配置文件
[root@localhost ~]# vim /etc/samba/smb.conf
...
76 username map = /etc/samba/smbusers
...
289 [tools]
290 comment = Tools Public
291 path = /usr/src
292 public = no
293 valid users = nick,tom
294 write list = tom
295 read only = yes
296 directory mask = 0755
297 create mask = 0644
298 hosts allow = 192.168.10.5