linux下samba共享服务器介绍与配置

关于Samba

–SMB/CIFS协议

   – Server Message Block ，服务消息块

   – Common Internet File System ， 通用网际文件系统

Samba服务基础

主要软件包

[root@localhost Server]# rpm -qa | grep samba

samba-common-3.0.33-3.39.el5_8           //公共程序

samba-3.0.33-3.39.el5_8                  //服务端程序

samba-client-3.0.33-3.39.el5_8           //客户端程序

samba-swat-3.0.33-3.39.el5_8             //Web管理后台

主要程序

–smbd ： 提供对文件、打印资源的共享访问

         监听端口 TCP 139 、 TCP445

–nmbd ： 提供基于NetBios协议的主机名解析

         监听端口 UDP137 、UDP138

系统服务脚本

 –    /etc/init.d/smb

配置目录及主要配置文件

–   /etc/samba/

–   /etc/samba/smb.conf

配置文件检查工具

– testparm

实验拓扑

        Linux Client

—–RHEL5.9（vmnet1）———-（vmnet1）

        Win7 Client

实验一：Samba匿名共享

将目录 /usr/src 共享给所有人

共享名设为 tools

允许所有人访问、无需密码验证

访问权限为只读

1、[root@localhost ~]# rpm -q samba-client samba samba-common

samba-client-3.0.33-3.39.el5_8

samba-3.0.33-3.39.el5_8

samba-common-3.0.33-3.39.el5_8

2、修改主配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

workgroup = pengpeng      //工作组名称         server string = Samba Server Version %v   //服务器描述 ...        log file = /var/log/samba/%m.log  //日志路径，%m 对应客户机地址 ...         max log size = 50      //最大日志容量 ...        security = share        //默认使用的安全级别（user、share、server、domain） ...          load printers = no    //屏蔽共享时看到的打印图标 [tools]                        //共享名称        comment = tools public  //共享描述        path = /usr/src       //共享目录的实际位置        public= yes          //是否所有人可用        browseable=yes       //是否隐藏        read only = yes      //只读

3、启动服务

首先检查配置

[root@localhost ~]# testparm   //检查配置命令

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[printers]"

Processing section "[tools]"

Loaded services file OK.

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions  //按回车查看配置信息

[global]                                 //全局配置

        workgroup = PENGPENG

        server string = Samba Server Version %v

        security = SHARE

        passdb backend = tdbsam

        load printers = No

        cups options = raw

[homes]

        comment = Home Directories

        read only = No

        browseable = No

[printers]

        comment = All Printers

        path = /var/spool/samba

        printable = Yes

        browseable = No

[tools]                                 //自定义配置共享

        comment = tools public

        path = /usr/src

        guest ok = Yes

启动服务

[root@localhost ~]# service smb restart

关闭 SMB 服务：                                            [失败]

关闭 NMB 服务：                                            [失败]

启动 SMB 服务：                                            [确定]

启动 NMB 服务：                                            [确定]

确保服务开机启动

[root@localhost ~]# chkconfig smb on

[root@localhost ~]# chkconfig smb –list

smb             0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭

[root@localhost ~]# 

监听端口

[root@localhost ~]# netstat -anptu | grep mbd

tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      5798/smbd           

tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      5798/smbd           

udp        0      0 0.0.0.0:137                 0.0.0.0:*                               5801/nmbd           

udp        0      0 0.0.0.0:138                 0.0.0.0:*                               5801/nmbd      

4、客户端测试

windows：

  UNC路径 \192.168.8.10

 如图：

linux：

安装samba-client

[root@localhost Server]# rpm -ivh samba-client-3.0.33-3.39.el5_8.x86_64.rpm 

warning: samba-client-3.0.33-3.39.el5_8.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing…                ########################################### [100%]

        package samba-client-3.0.33-3.39.el5_8.x86_64 is already installed

[root@localhost Server]# rpm -q samba-client

samba-client-3.0.33-3.39.el5_8

[root@localhost ~]# smbclient -L 192.168.8.10       //查看共享

Password: 

Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]

        Sharename       Type      Comment

        ———       —-      ——-

        tools           Disk      tools public

        IPC$            IPC       IPC Service (Samba Server Version 3.0.33-3.39.el5_8)

Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]

        Server               Comment

        ———            ——-

        LOCALHOST            Samba Server Version 3.0.33-3.39.el5_8

        Workgroup            Master

        ———            ——-

        PENGPENG             LOCALHOST

        WORKGROUP            PENGPENG-PC

[root@localhost ~]# smbclient //192.168.8.10/tools     //访问共享

Password:                                              //匿名共享，任意密码

Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]

Server not using user level security and no password supplied.

smb: > ls

  .                                   D        0  Wed Aug 20 11:49:58 2014

  ..                                  D        0  Wed Aug 20 11:38:11 2014

  debug                               D        0  Thu Oct  1 22:58:39 2009

  kernels                             D        0  Wed Aug 20 11:41:30 2014

  redhat                              D        0  Wed Aug 20 11:49:58 2014

                38751 blocks of size 524288. 29666 blocks available

smb: > 

[root@localhost ~]# mkdir -p /data/smb                    //建立挂在文件夹

[root@localhost ~]# mount -t cifs //192.168.8.10/tools /data/smb/  //挂载

Password: 

[root@localhost ~]# mount | tail -1

//192.168.8.10/tools on /data/smb type cifs (rw,mand)  //查看挂载情况

配置自动挂载：

[root@localhost ~]# vim /etc/fstab

…

/192.168.8.10/tools    /data/smb         cifs   passwd=defaults        0 0      //添加自动挂载，定义密码为空

…

[root@localhost ~]# grep smb /etc/fstab

//192.168.8.10/tools    /data/smb         cifs   passwd=defaults        0 0

[root@localhost ~]# cd /data/smb          //进入挂载目录

[root@localhost smb]# ls

debug  kernels  redhat                    //浏览成功

实验二：Samba用户验证

修改原有的 [tools] 匿名共享设置

不再允许所有人访问

只允许jack读取、tom写入

拒绝其他用户或匿名访问

上传目录的权限为755

上传文件的权限为644

1、新建相应账户与samba密码

[root@localhost ~]# useradd jack

[root@localhost ~]# useradd tom

[root@localhost ~]# echo "123456" | passwd –stdin jack

Changing password for user jack.

passwd: all authentication tokens updated successfully.

[root@localhost ~]# echo "123456" | passwd –stdin tom

Changing password for user tom.

passwd: all authentication tokens updated successfully.

[root@localhost ~]# pdbedit -a jack   //添加共享账号，必须有相对应的系统账号

new password:

retype new password:

Unix username:        jack

NT username:          

Account Flags:        [U          ]

User SID:             S-1-5-21-3977168788-1325546648-3669002591-1000

Primary Group SID:    S-1-5-21-3977168788-1325546648-3669002591-513

Full Name:            

Home Directory:       \localhostjack

HomeDir Drive:        

Logon Script:         

Profile Path:         \localhostjackprofile

Domain:               LOCALHOST

Account desc:         

Workstations:         

Munged dial:          

Logon time:           0

Logoff time:          never

Kickoff time:         never

Password last set:    三, 03 9月 2014 15:36:26 CST

Password can change:  三, 03 9月 2014 15:36:26 CST

Password must change: never

Last bad password   : 0

Bad password count  : 0

Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

[root@localhost ~]# pdbedit -a tom //添加共享账号，必须有相对应的系统账号

new password:

retype new password:

Unix username:        tom

NT username:          

Account Flags:        [U          ]

User SID:             S-1-5-21-3977168788-1325546648-3669002591-1001

Primary Group SID:    S-1-5-21-3977168788-1325546648-3669002591-513

Full Name:            

Home Directory:       \localhosttom

HomeDir Drive:        

Logon Script:         

Profile Path:         \localhosttomprofile

Domain:               LOCALHOST

Account desc:         

Workstations:         

Munged dial:          

Logon time:           0

Logoff time:          never

Kickoff time:         never

Password last set:    三, 03 9月 2014 15:36:41 CST

Password can change:  三, 03 9月 2014 15:36:41 CST

Password must change: never

Last bad password   : 0

Bad password count  : 0

Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

[root@localhost ~]# 

2、修改主配置文件

[root@localhost ~]# vim /etc/samba/smb.conf

1 2 3 4 5 6 7 8 9 10 11 12 13 14

...     security = user             //启用用户认证 ...   [tools]        comment = tools public        path = /usr/src            //指定共享路径        public= no                 //不对所有人开放        valid users = jack,tom     //指定合法用户        write list =tom            //用户tom可读可写        browseable=yes        read only = yes        directory mask = 0755      //上传的目录权限        create mask = 0644         //上传的文件权限 ...

[root@localhost ~]# setfacl -m u:tom:rwx /usr/src/ 

//ACL控制，单独给tom读写执行权限 （本地与共享权限交集才是最终访问权限）

[root@localhost ~]# getfacl /usr/src/        //查看目录权限

getfacl: Removing leading '/' from absolute path names

# file: usr/src

# owner: root

# group: root

user::rwx

user:tom:rwx

group::r-x

mask::rwx

other::r-x

3、启动服务

[root@localhost ~]# service smb restart

关闭 SMB 服务：                                            [确定]

关闭 NMB 服务：                                            [确定]

启动 SMB 服务：                                            [确定]

启动 NMB 服务：                                            [确定]

4、客户端测试

[root@localhost ~]# smbclient -U jack //192.168.8.10/tools   //加用户访问

Password:                                             //之前定义共享密码

Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]

smb: > ls

  .                                   D        0  Wed Aug 20 11:49:58 2014

  ..                                  D        0  Wed Aug 20 11:38:11 2014

  debug                               D        0  Thu Oct  1 22:58:39 2009

  kernels                             D        0  Wed Aug 20 11:41:30 2014

  redhat                              D        0  Wed Aug 20 11:49:58 2014

                38751 blocks of size 524288. 29665 blocks available

smb: > 

[root@localhost ~]# umount /data/smb         //卸载掉之前挂载

[root@localhost ~]# mount -o username=jack //192.168.8.10/tools /data/smb

Password: 

[root@localhost ~]# mount | grep smb           

//192.168.8.10/tools on /data/smb type cifs (rw,mand)

[root@localhost ~]# 

实验三： samba账户别名与访问地址控制

         把普通用户jack设置为kaka

         设置只允许192.168.8.5地址访问

1、修改samba用户别名文件

[root@localhost ~]# vim /etc/samba/smbusers

1 2 3 4

# Unix_name = SMB_name1 SMB_name2 ... root = administrator admin nobody = guest pcguest smbguest jack = kaka                    //定义jack的用户别名kaka

2、修改主配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14

...   username map = /etc/samba/smbusers  //开启用户账号映射,虚拟用户名  ... [tools]        comment = tools public        path = /usr/src        public= no        valid users = jack,tom        write list =tom        browseable=yes        read only = yes        directory mask = 0755        create mask = 0644        hosts allow = 192.168.10.5      //添加此条语句，只允许10.5客户机访问

重启服务：

[root@localhost ~]# service smb restart

关闭 SMB 服务：                                            [确定]

关闭 NMB 服务：                                            [确定]

启动 SMB 服务：                                            [确定]

启动 NMB 服务：                                            [确定]

3、客户端测试

验证用户别名：

   [root@localhost ~]# 

[root@localhost ~]# smbclient -U kaka //192.168.8.10/tools 

//使用jack别名kaka

Password:       //使用jack密码

Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]

smb: > ls

  .                                   D        0  Wed Aug 20 11:49:58 2014

  ..                                  D        0  Wed Aug 20 11:38:11 2014

  debug                               D        0  Thu Oct  1 22:58:39 2009

  kernels                             D        0  Wed Aug 20 11:41:30 2014

  redhat                              D        0  Wed Aug 20 11:49:58 2014

                38751 blocks of size 524288. 29665 blocks available

smb: > 

 验证IP地址限制：

        [root@localhost ~]# ifconfig eth0 192.168.8.6/24    

//地址修改为192.168.8.6

[root@localhost ~]# ifconfig eth0 | grep "inet addr:"

          inet addr:192.168.8.6  Bcast:192.168.8.255  Mask:255.255.255.0

[root@localhost ~]# smbclient -U jack //192.168.8.10/tools

Password: 

Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]

tree connect failed: NT_STATUS_ACCESS_DENIED

  // 无法访问

转载于:https://blog.51cto.com/linuxzkq/1583351