实验需求:

搭建samba服务器

将目录/data共享,共享名设置为software

拒绝匿名用户访问,只允许manager组成员访问


1.服务器(192.168.100.1)安装软件包

[root@samba-server Desktop]# yum -y install samba samba-common samba-client


2.编辑主配置文件

[root@samba-server Desktop]# vim /etc/samba/smb.conf

……

74         workgroup = jin

75         server string = my fist file server

……

89         log file = /var/log/samba/%m.log    //日志文件

...

91         max log size = 50

...

101         security = user

102         passdb backend = tdbsam

……

255 [software]

256         comment = software

257         path = /data

258         browseable = yes

259         public = no

260         writable = yes            //可写

261         valid users = @manager  

262         write list = @manager


[root@samba-server Desktop]# testparm  //此命令测试主配置文件语法


3.创建测试用户与组,共享目录(口令123456仅用于实验演示,实际环境应使用强口令,且避免用echo把口令写入命令行历史)

[root@samba-server Desktop]# groupadd manager

[root@samba-server Desktop]# useradd -G manager obama

[root@samba-server Desktop]# useradd -G manager bush

[root@samba-server Desktop]# useradd sanmao           //非manager组成员账号

[root@samba-server Desktop]# echo 123456 | passwd --stdin obama

[root@samba-server Desktop]# echo 123456 | passwd --stdin bush

[root@samba-server Desktop]# echo 123456 | passwd --stdin sanmao

[root@samba-server Desktop]# pdbedit -a -u obama      //添加共享账号(会提示设置samba密码,该密码保存在tdbsam库中,与系统密码相互独立)

[root@samba-server Desktop]# pdbedit -a -u bush

[root@samba-server Desktop]# pdbedit -a -u sanmao

[root@samba-server Desktop]# pdbedit -L               //查看samba库中共享用户

obama:503:

bush:504:

sanmao:505:


[root@samba-server Desktop]# mkdir /data    

[root@samba-server Desktop]# touch /data/test.txt      

[root@samba-server Desktop]# setfacl -m g:manager:rwx /data  

[root@samba-server Desktop]# getfacl /data

getfacl: Removing leading '/' from absolute path names

# file: data

# owner: root

# group: root

user::rwx

group::r-x

group:manager:rwx                   //确认manager组权限

mask::rwx

other::r-x



4.启动服务

[root@samba-server Desktop]# service smb start

[root@samba-server Desktop]# service nmb start

[root@samba-server Desktop]# chkconfig smb on

[root@samba-server Desktop]# chkconfig nmb on


5.linux客户端测试

[root@client ~]# smbclient -U obama //192.168.100.1/software

Enter obama's password:

Domain=[JIN] OS=[Unix] Server=[Samba 3.6.9-151.el6]

smb: \> ls

 .                                   D        0  Wed Apr 16 08:50:29 2014

 ..                                 DR        0  Wed Apr 16 08:28:12 2014

 test.txt                                     0  Wed Apr 16 08:28:40 2014


63699 blocks of size 262144. 49537 blocks available              //成功登录


[root@client ~]# mount -t cifs  //192.168.100.1/software /mnt -o username=obama   //将共享挂载

mount: block device //192.168.100.1/software is write-protected, mounting read-only

mount: cannot mount block device //192.168.100.1/software read-only    //此错误是由于未安装cifs-utils软件包


[root@client ~]#yum -y install cifs-utils


[root@client ~]# mount -t cifs  //192.168.100.1/software /mnt -o username=obama //再次挂载成功

Password:

[root@client ~]# ls /mnt

test.txt


6.linux客户端使用非manager组成员sanmao测试

[root@client ~]# smbclient -U sanmao //192.168.100.1/software

Enter sanmao's password:

Domain=[JIN] OS=[Unix] Server=[Samba 3.6.9-151.el6]

tree connect failed: NT_STATUS_ACCESS_DENIED         //登录失败


7.Windows客户端测试



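附注:在挂载选项中直接写入账号密码也可实现自动挂载,但/etc/fstab和autofs映射文件通常所有用户可读,会暴露账号密码,一般不使用;如确需自动挂载,可改用credentials=选项指向一个仅root可读(权限600)的凭据文件,文件内写username=和password=两行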

开机自动挂载

vim /etc/fstab

//192.168.100.1/software /mnt cifs defaults,username=用户名,password=密码 0 0


autofs触发挂载方式

vim /etc/auto.master

/mnt /etc/auto.samba


vim /etc/auto.samba

samba -fstype=cifs,username=用户名,password=密码 ://192.168.100.1/software


service autofs restart