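Service theory:
In a Windows network environment, file and printer sharing between hosts is implemented through Microsoft's own SMB/CIFS network protocols. SMB (Server Message Block) and CIFS (Common Internet File System) are proprietary Microsoft protocols, and before the Samba project appeared they could not communicate directly with Linux/UNIX systems.
Samba is one of the best-known open-source software projects. It implements Microsoft's SMB/CIFS network protocols on Linux/UNIX systems, which makes cross-platform file sharing much easier. When deploying an enterprise environment that mixes Windows, Linux and UNIX platforms, Samba is a good way to solve file access between the different systems.
1. Components of the Samba software packages:
Several Samba-related packages can be found on the CentOS 7 DVD installation disc, mainly the server software samba, the client software samba-client, and samba-common, which provides the common components shared by the server and client programs.
Most of these packages are already installed by default with CentOS 7; you can query which Samba-related packages are installed on the system.
2. Setting up Samba
Lab environment: one CentOS virtual machine with a local YUM repository
Lab steps:
Set up the Samba file sharing service
[root@localhost ~]# rpm -qa | grep "^samba"    # check the Samba-related packages already installed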
samba-client-libs-4.4.4-9.el7.x86_64
samba-common-4.4.4-9.el7.noarch
samba-common-libs-4.4.4-9.el7.x86_64
samba-client-4.4.4-9.el7.x86_64
[root@localhost yfr]# cd /media/dvd/Packages/    # enter the package directory of our yum repository
[root@localhost Packages]# rpm -ivh pytalloc-2.1.6-1.el7.x86_64.rpm    # install the dependency package pytalloc
warning: pytalloc-2.1.6-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:pytalloc-2.1.6-1.el7 ################################# [100%]
[root@localhost Packages]# rpm -ivh samba-libs-4.4.4-9.el7.x86_64.rpm    # install the dependency package samba-libs
warning: samba-libs-4.4.4-9.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:samba-libs-0:4.4.4-9.el7 ################################# [100%]
Install the dependency package samba-common-tools:
[root@localhost Packages]# rpm -ivh samba-common-tools-4.4.4-9.el7.x86_64.rpm
warning: samba-common-tools-4.4.4-9.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:samba-common-tools-0:4.4.4-9.el7 ################################# [100%]
[root@localhost Packages]# rpm -ivh samba-4.4.4-9.el7.x86_64.rpm    # install samba itself
warning: samba-4.4.4-9.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:samba-0:4.4.4-9.el7 ################################# [100%]
[root@localhost Packages]# systemctl start smb nmb    # start Samba
[root@localhost Packages]# netstat -anput | grep smb    # check the listening ports to confirm smbd is running
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4320/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 4320/smbd
tcp6 0 0 :::139 :::* LISTEN 4320/smbd
tcp6 0 0 :::445 :::* LISTEN 4320/smbd
[root@localhost Packages]# netstat -anput | grep nmb    # check the listening ports to confirm nmbd is running
udp 0 0 192.168.122.255:137 0.0.0.0:* 4318/nmbd
udp 0 0 192.168.122.1:137 0.0.0.0:* 4318/nmbd
udp 0 0 192.168.199.255:137 0.0.0.0:* 4318/nmbd
udp 0 0 192.168.199.52:137 0.0.0.0:* 4318/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 4318/nmbd
udp 0 0 192.168.122.255:138 0.0.0.0:* 4318/nmbd
udp 0 0 192.168.122.1:138 0.0.0.0:* 4318/nmbd
udp 0 0 192.168.199.255:138 0.0.0.0:* 4318/nmbd
udp 0 0 192.168.199.52:138 0.0.0.0:* 4318/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 4318/nmbd
[root@localhost Packages]# grep -v '#' /etc/samba/smb.conf | grep -v "^;" | grep -v "^$"
[global]    # global parameters
workgroup = SAMBA    # workgroup name
security = user    # security mode
passdb backend = tdbsam    # user database backend
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]    # home directory parameters
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]    # shared printer configuration
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]    # printing parameters
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
[root@localhost Packages]# vim /etc/samba/smb.conf
# added to the [global] section
map to guest = Bad user
[centos7]
comment = centos 7.3 DVD directory
# path of the shared directory
path = /media/dvd
# whether the share is public
public = yes
# whether the share is read-only
read only = yes
# whether writing is allowed
writable = no
[root@localhost Packages]# systemctl restart smb nmb    # restart the Samba services
[root@localhost Packages]# testparm    # check that the Samba configuration file is correct
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)    # an error is reported here
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[centos7]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = SAMBA
printcap name = cups
map to guest = Bad User
security = USER
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
browseable = No
inherit acls = Yes
read only = No
valid users = %S %D%w%S
[printers]
comment = All Printers
path = /var/tmp
browseable = No
printable = Yes
create mask = 0600
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
create mask = 0664
directory mask = 0775
write list = root
[centos7]
comment = centos 7.3 DVD directory
path = /media/dvd
guest ok = Yes
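As an added example (not part of the original post), this Python code reads an smb.conf and reports which shares accept guest connections and whether they are writable, using the [global] and [centos7] settings above as constructed input. `audit_guest_access` is a hypothetical helper name; it treats `public` as a synonym of `guest ok` and `writable`/`writeable`/`write ok` as the inverse of `read only`, as smb.conf(5) documents.

```python
import configparser

# Constructed sample: the [global] and [centos7] settings from the walkthrough above.
GUEST_CONF = """
[global]
workgroup = SAMBA
security = user
map to guest = Bad user
[homes]
valid users = %S, %D%w%S
read only = No
[centos7]
path = /media/dvd
public = yes
read only = yes
writable = no
"""

GUEST_KEYS = {"guest ok", "public"}                   # synonyms in smb.conf
WRITE_KEYS = {"writable", "writeable", "write ok"}    # inverted synonyms of "read only"


def audit_guest_access(text):
    """Return (map_to_guest, {share: 'read-only' | 'writable'}) for guest-enabled shares."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   comment_prefixes=("#", ";"))
    cp.read_string(text)
    yes = lambda v: cp.BOOLEAN_STATES.get(v.strip().lower(), False)
    map_to_guest = "never"                            # Samba's default
    if cp.has_section("global"):
        map_to_guest = cp["global"].get("map to guest", "never").strip().lower()
    exposed = {}
    for share in cp.sections():
        if share == "global":
            continue
        guest, read_only = False, True                # Samba defaults
        for key, value in cp[share].items():          # later settings override earlier ones
            if key in GUEST_KEYS:
                guest = yes(value)
            elif key == "read only":
                read_only = yes(value)
            elif key in WRITE_KEYS:
                read_only = not yes(value)
        if guest:
            exposed[share] = "read-only" if read_only else "writable"
    return map_to_guest, exposed


if __name__ == "__main__":
    print(audit_guest_access(GUEST_CONF))
```

A `map to guest` value of `bad user` in the result means logins with an unknown user name are mapped to the guest account, so every share listed is reachable without a valid Samba account.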
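If the 16384 message appears, the open-file limit that Windows clients need has not been configured.
[root@localhost Packages]# vim /etc/security/limits.conf    # edit the limits configuration file
#@student - maxlogins 4
* - nofile 16384
# End of file
[root@localhost Packages]# systemctl stop firewalld.service    # stop the firewall
[root@localhost Packages]# setenforce 0    # switch SELinux to permissive mode
Connecting from the client: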
[root@localhost yfr]# smbclient //192.168.199.52/centos7
Enter lws's password:
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \>
smb: \> ls
. D 0 Mon Dec 5 21:20:27 2016
.. D 0 Wed Aug 28 19:35:58 2019
CentOS_BuildTag N 14 Mon Dec 5 21:02:38 2016
EFI D 0 Mon Dec 5 21:20:19 2016
EULA N 215 Thu Dec 10 06:35:46 2015
GPL N 18009 Thu Dec 10 06:35:46 2015
images D 0 Mon Dec 5 21:47:24 2016
isolinux D 0 Mon Dec 5 21:20:19 2016
LiveOS D 0 Mon Dec 5 21:20:19 2016
Packages D 0 Mon Dec 5 21:35:41 2016
repodata D 0 Mon Dec 5 21:37:18 2016
RPM-GPG-KEY-CentOS-Testing-7 N 1690 Thu Dec 10 06:35:46 2015
RPM-GPG-KEY-CentOS-7 N 1690 Thu Dec 10 06:35:46 2015
TRANS.TBL R 2883 Mon Dec 5 21:55:45 2016
.discinfo H 29 Mon Dec 5 21:17:03 2016
.treeinfo H 366 Mon Dec 5 21:20:27 2016
4276440 blocks of size 1024. 0 blocks available
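smb: \> quit    # exit
With anonymous access working, we now switch to a different access method: user-based access.
The steps for user access are as follows:
Server:
[root@localhost Packages]# useradd abc    # create the user
[root@localhost Packages]# pdbedit -a -u abc    # add the user abc to Samba
new password:    # the new password
retype new password:    # enter the password again
Unix username: abc    # UNIX user name
NT username:    # NT user name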
Account Flags: [U ]
User SID: S-1-5-21-3222340337-1416471442-3454317994-1000
Primary Group SID: S-1-5-21-3222340337-1416471442-3454317994-513
Full Name:
Home Directory: \\localhost\abc    # home directory
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\abc\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST    # logoff time
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Wed, 28 Aug 2019 22:45:48 CST    # time the password was last changed
Password can change: Wed, 28 Aug 2019 22:45:48 CST
Password must change: never    # the password never has to be changed
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF    # permitted logon hours
When output like this appears, the user has been created successfully.
[root@localhost Packages]# pdbedit -L abc    # check the user
abc:1001:    # this shows it succeeded
[root@localhost Packages]# useradd 123    # create another user
[root@localhost Packages]# pdbedit -L 123    # look up the newly created user
Username not found!    # not listed, because it has not been added to Samba yet
[root@localhost Packages]# pdbedit -a -u 123    # add it to Samba
new password:
retype new password:
Unix username: 123
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3222340337-1416471442-3454317994-1001
Primary Group SID: S-1-5-21-3222340337-1416471442-3454317994-513
Full Name:
Home Directory: \\localhost\123
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\123\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Wed, 28 Aug 2019 22:49:15 CST
Password can change: Wed, 28 Aug 2019 22:49:15 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost Packages]# pdbedit -L
abc:1001:
123:1002:
Edit the main configuration file: remove the earlier centos7 share and replace it with share.
[root@localhost Packages]# vim /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
# map to guest = Bad user
hosts allow = 192.168.199 192.168.220
hosts deny = 192.168.1 192.168.2
passdb backend = tdbsam

[share]
comment = share file
path = /share
public = no
read only = yes
valid users = abc 123
write list = 123
directory mask = 0755
create mask = 0644
[root@localhost Packages]# mkdir /share
[root@localhost Packages]# chmod 777 /share    # give it 777 permissions
[root@localhost Packages]# systemctl restart smb nmb    # restart the services
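How smbd combines `hosts allow` and `hosts deny` is easy to misread, so this added example (not part of the original post) applies the precedence described in smb.conf(5): the allow list wins, and a client on neither list is admitted unless `hosts deny` is ALL. The function names and client addresses are hypothetical, the networks are written in the manual's trailing-dot prefix form, and EXCEPT, host names and the localhost special case are left out.

```python
import ipaddress


def _matches(pattern, client):
    """One list entry against a client IPv4 address (forms documented in smb.conf(5))."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):                       # network prefix, e.g. "192.168.199."
        return client.startswith(pattern)
    if "/" in pattern:                              # network/mask, CIDR or dotted netmask
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client) in net
    return pattern == client                        # a single address


def _on_list(entries, client):
    return any(_matches(p, client) for p in entries.replace(",", " ").split())


def host_allowed(client, hosts_allow="", hosts_deny=""):
    """Apply the documented precedence: the allow list wins over the deny list."""
    if not hosts_allow and not hosts_deny:
        return True
    if hosts_allow and not hosts_deny:
        return _on_list(hosts_allow, client)        # allow list alone: everyone else is refused
    if _on_list(hosts_allow, client):               # an empty allow list never matches
        return True
    return not _on_list(hosts_deny, client)         # not denied explicitly, so admitted


# Constructed values: the walkthrough's networks, written in trailing-dot prefix form.
ALLOW = "192.168.199. 192.168.220."
DENY = "192.168.1. 192.168.2."
CLIENTS = ["192.168.199.52", "192.168.1.10", "10.0.0.5"]   # constructed client addresses


def compare():
    """Decision per client for the walkthrough's deny list and for 'hosts deny = ALL'."""
    return {c: (host_allowed(c, ALLOW, DENY), host_allowed(c, ALLOW, "ALL"))
            for c in CLIENTS}


if __name__ == "__main__":
    for client, (as_written, deny_all) in compare().items():
        print(f"{client:15} as written: {as_written!s:5}  hosts deny = ALL: {deny_all}")
```

The address 10.0.0.5 is on neither list, so it is admitted with the deny list as written and refused only once `hosts deny = ALL` is used.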
Now back on the client:
[root@localhost yfr]# smbclient -U 123 //192.168.199.4/share
Enter 123's password:
Domain=[SAMBA] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> mkdir 1.txt
smb: \> ls
. D 0 Wed Aug 28 23:19:19 2019
.. DR 0 Wed Aug 28 23:05:03 2019
1.txt D 0 Wed Aug 28 23:19:19 2019
17811456 blocks of size 1024. 14183608 blocks available
smb: \> quit    # exit
Then we go back to the shared directory on the server and check whether 1.txt is there.
[root@localhost Packages]# cd /share
[root@localhost share]# ls
When you see 1.txt, the lab has succeeded!