About Samba
– SMB/CIFS protocol
– Server Message Block (SMB)
– Common Internet File System (CIFS)
Samba service basics
Main software packages
[root@localhost Server]# rpm -qa | grep samba
samba-common-3.0.33-3.39.el5_8 //common programs
samba-3.0.33-3.39.el5_8 //server programs
samba-client-3.0.33-3.39.el5_8 //client programs
samba-swat-3.0.33-3.39.el5_8 //web administration interface
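Main programs
– smbd: provides shared access to file and print resources
listens on TCP 139 and TCP 445
– nmbd: provides host name resolution based on the NetBIOS protocol
listens on UDP 137 and UDP 138
System service script
– /etc/init.d/smb
Configuration directory and main configuration file
– /etc/samba/
– /etc/samba/smb.conf
Configuration file check tool
– testparm
Lab topology
Linux Client
-----RHEL5.9(vmnet1)----------(vmnet1)
Win7 Client
Experiment 1: anonymous Samba share
Share the directory /usr/src with everyone
Set the share name to tools
Allow everyone to access it, with no password verification
Access is read-only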
1. [root@localhost ~]# rpm -q samba-client samba samba-common
samba-client-3.0.33-3.39.el5_8
samba-3.0.33-3.39.el5_8
samba-common-3.0.33-3.39.el5_8
2. Edit the main configuration file
3. Start the service
First check the configuration
[root@localhost ~]# testparm //command that checks the configuration
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[tools]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions //press Enter to view the configuration
[global] //global settings
workgroup = PENGPENG
server string = Samba Server Version %v
security = SHARE
passdb backend = tdbsam
load printers = No
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[tools] //custom share definition
comment = tools public
path = /usr/src
guest ok = Yes
Start the service
[root@localhost ~]# service smb restart
关闭 SMB 服务: [失败]
关闭 NMB 服务: [失败]
启动 SMB 服务: [确定]
启动 NMB 服务: [确定]
Make sure the service starts at boot
[root@localhost ~]# chkconfig smb on
[root@localhost ~]# chkconfig smb --list
smb 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@localhost ~]#
Listening ports
[root@localhost ~]# netstat -anptu | grep mbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 5798/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 5798/smbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 5801/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 5801/nmbd
4. Client testing
Windows:
UNC path \\192.168.8.10
Linux:
Install samba-client
[root@localhost Server]# rpm -ivh samba-client-3.0.33-3.39.el5_8.x86_64.rpm
warning: samba-client-3.0.33-3.39.el5_8.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package samba-client-3.0.33-3.39.el5_8.x86_64 is already installed
[root@localhost Server]# rpm -q samba-client
samba-client-3.0.33-3.39.el5_8
[root@localhost ~]# smbclient -L 192.168.8.10 //list the shares
Password:
Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
Sharename Type Comment
--------- ---- -------
tools Disk tools public
IPC$ IPC IPC Service (Samba Server Version 3.0.33-3.39.el5_8)
Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
Server Comment
--------- -------
LOCALHOST Samba Server Version 3.0.33-3.39.el5_8
Workgroup Master
--------- -------
PENGPENG LOCALHOST
WORKGROUP PENGPENG-PC
[root@localhost ~]# smbclient //192.168.8.10/tools //access the share
Password: //anonymous share, any password works
Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
Server not using user level security and no password supplied.
smb: \> ls
. D 0 Wed Aug 20 11:49:58 2014
.. D 0 Wed Aug 20 11:38:11 2014
debug D 0 Thu Oct 1 22:58:39 2009
kernels D 0 Wed Aug 20 11:41:30 2014
redhat D 0 Wed Aug 20 11:49:58 2014
38751 blocks of size 524288. 29666 blocks available
smb: \>
[root@localhost ~]# mkdir -p /data/smb //create the mount point directory
[root@localhost ~]# mount -t cifs //192.168.8.10/tools /data/smb/ //mount the share
Password:
[root@localhost ~]# mount | tail -1
//192.168.8.10/tools on /data/smb type cifs (rw,mand) //check the mount status
Configure automatic mounting:
[root@localhost ~]# vim /etc/fstab
…
//192.168.8.10/tools /data/smb cifs passwd=defaults 0 0 //add the automatic mount entry, with the password defined as empty
…
[root@localhost ~]# grep smb /etc/fstab
//192.168.8.10/tools /data/smb cifs passwd=defaults 0 0
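[root@localhost ~]# cd /data/smb //enter the mounted directory
[root@localhost smb]# ls
debug kernels redhat //listing succeeded
Experiment 2: Samba user authentication
Modify the existing [tools] anonymous share settings
No longer allow everyone to access it
Allow only jack to read and tom to write
Deny other users and anonymous access
Uploaded directories get permission 755
Uploaded files get permission 644
1. Create the corresponding accounts and Samba passwords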
[root@localhost ~]# useradd jack
[root@localhost ~]# useradd tom
[root@localhost ~]# echo "123456" | passwd --stdin jack
Changing password for user jack.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo "123456" | passwd --stdin tom
Changing password for user tom.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# pdbedit -a jack //add the Samba account; a corresponding system account must exist
new password:
retype new password:
Unix username: jack
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3977168788-1325546648-3669002591-1000
Primary Group SID: S-1-5-21-3977168788-1325546648-3669002591-513
Full Name:
Home Directory: \\localhost\jack
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\jack\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 三, 03 9月 2014 15:36:26 CST
Password can change: 三, 03 9月 2014 15:36:26 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost ~]# pdbedit -a tom //add the Samba account; a corresponding system account must exist
new password:
retype new password:
Unix username: tom
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3977168788-1325546648-3669002591-1001
Primary Group SID: S-1-5-21-3977168788-1325546648-3669002591-513
Full Name:
Home Directory: \\localhost\tom
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\tom\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 三, 03 9月 2014 15:36:41 CST
Password can change: 三, 03 9月 2014 15:36:41 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost ~]#
2. Edit the main configuration file
[root@localhost ~]# vim /etc/samba/smb.conf
[root@localhost ~]# setfacl -m u:tom:rwx /usr/src/
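//ACL control: grant tom read, write and execute permission individually (the effective access is the intersection of the local filesystem permissions and the share permissions)
[root@localhost ~]# getfacl /usr/src/ //view the directory permissions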
getfacl: Removing leading '/' from absolute path names
# file: usr/src
# owner: root
# group: root
user::rwx
user:tom:rwx
group::r-x
mask::rwx
other::r-x
3. Start the service
[root@localhost ~]# service smb restart
关闭 SMB 服务: [确定]
关闭 NMB 服务: [确定]
启动 SMB 服务: [确定]
启动 NMB 服务: [确定]
4. Client testing
[root@localhost ~]# smbclient -U jack //192.168.8.10/tools //access with a user name
Password: //the Samba password defined earlier
Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
smb: \> ls
. D 0 Wed Aug 20 11:49:58 2014
.. D 0 Wed Aug 20 11:38:11 2014
debug D 0 Thu Oct 1 22:58:39 2009
kernels D 0 Wed Aug 20 11:41:30 2014
redhat D 0 Wed Aug 20 11:49:58 2014
38751 blocks of size 524288. 29665 blocks available
smb: \>
[root@localhost ~]# umount /data/smb //unmount the earlier mount
[root@localhost ~]# mount -o username=jack //192.168.8.10/tools /data/smb
Password:
[root@localhost ~]# mount | grep smb
//192.168.8.10/tools on /data/smb type cifs (rw,mand)
[root@localhost ~]#
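Experiment 3: Samba account aliases and access control by client address
Give the ordinary user jack the alias kaka
Allow access only from the address 192.168.8.5
1. Edit the Samba user alias file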
[root@localhost ~]# vim /etc/samba/smbusers
2. Edit the main configuration file
Restart the service:
[root@localhost ~]# service smb restart
关闭 SMB 服务: [确定]
关闭 NMB 服务: [确定]
启动 SMB 服务: [确定]
启动 NMB 服务: [确定]
3. Client testing
Verify the user alias:
[root@localhost ~]#
[root@localhost ~]# smbclient -U kaka //192.168.8.10/tools
//log in with kaka, the alias of jack
Password: //use jack's password
Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
smb: \> ls
. D 0 Wed Aug 20 11:49:58 2014
.. D 0 Wed Aug 20 11:38:11 2014
debug D 0 Thu Oct 1 22:58:39 2009
kernels D 0 Wed Aug 20 11:41:30 2014
redhat D 0 Wed Aug 20 11:49:58 2014
38751 blocks of size 524288. 29665 blocks available
smb: \>
Verify the IP address restriction:
[root@localhost ~]# ifconfig eth0 192.168.8.6/24
//change the address to 192.168.8.6
[root@localhost ~]# ifconfig eth0 | grep "inet addr:"
inet addr:192.168.8.6 Bcast:192.168.8.255 Mask:255.255.255.0
[root@localhost ~]# smbclient -U jack //192.168.8.10/tools
Password:
Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
tree connect failed: NT_STATUS_ACCESS_DENIED
// access is refused
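The share-level decision that experiments 2 and 3 test from the client side, modelled in Python as an added example (not code from the original post). The smb.conf and smbusers contents are constructed to match the stated goals, since the post's own files were not preserved; unix_name and share_access are hypothetical helpers that assume plain IP or CIDR entries in hosts allow and no group or EXCEPT syntax.

```python
import configparser
import ipaddress

# Constructed inputs (assumptions, not the post's lost files): an smb.conf and
# an smbusers map that satisfy the stated goals of experiments 2 and 3.
SMB_CONF = """
[global]
security = user
username map = /etc/samba/smbusers
[tools]
path = /usr/src
guest ok = no
valid users = jack, tom
write list = tom
read only = yes
directory mask = 0755
create mask = 0644
hosts allow = 192.168.8.5
"""
SMBUSERS = "jack = kaka\n"  # format: unix_name = alias [alias ...]


def unix_name(login, usermap=SMBUSERS):
    """Resolve a client login through the username map (alias -> Unix name)."""
    for line in usermap.splitlines():
        name, sep, aliases = line.partition("=")
        if sep and login in aliases.split():
            return name.strip()
    return login


def share_access(share, login, client_ip, conf=SMB_CONF):
    """Share-level verdict for one connection: 'denied', 'read' or 'write'."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf)
    section = cp[share]

    def words(key):  # split a comma/space separated smb.conf list value
        return section.get(key, "").replace(",", " ").split()

    ip = ipaddress.ip_address(client_ip)
    allowed = [ipaddress.ip_network(h, strict=False) for h in words("hosts allow")]
    if allowed and not any(ip in net for net in allowed):
        return "denied"  # client address is outside hosts allow
    user = unix_name(login)
    if words("valid users") and user not in words("valid users"):
        return "denied"  # not listed in valid users
    if user in words("write list") or not section.getboolean("read only", fallback=True):
        return "write"  # write list overrides read only = yes
    return "read"
```

The verdict covers the share-level half only; as the setfacl step in experiment 2 notes, the filesystem permissions on /usr/src must also allow the operation.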