鸟哥学习笔记---samba-secure
[root@Centosszm ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
#PDC
samba_enable_home_dirs --> on #
samba_export_all_ro --> off
#read only
samba_export_all_rw --> off
#read and write
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> off #
virt_use_samba --> off
[root@Centosszm ~]# setsebool -P samba_enable_home_dirs=1
[root@Centosszm ~]# getsebool -a | grep samba_enable_home_dirs
samba_enable_home_dirs --> on
#共享成为SAMBA的目录不需要有samba_share_t的类型:
[root@Centosszm ~]# ll -Zd /home/project/
drwxrws---. root users unconfined_u:object_r:home_root_t:s0 /home/project/
[root@Centosszm ~]# chcon -t samba_share_t /home/project
[root@Centosszm ~]# ll -Zd /home/project/
drwxrws---. root users unconfined_u:object_r:samba_share_t:s0 /home/project/
如果共享的目录不只是SAMBA,不包括FTP等,那可能就需要使用public_content_t这个类型才行。
smbd,nmbd并不支持TCP Wrappers
SMABA上的防火墙
[root@Centosszm ~]# vi /etc/samba/smb.conf
hosts allow = 127. 192.168.12. 192.168.13. 192.168.179. 172.16.128.
[root@Centosszm ~]# /etc/init.d/smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
SMABA磁盘配额:(quotacheck -avug建立Quata数据库文件)
[root@Centosszm ~]# edquota -u smb1
[root@Centosszm ~]# edquota -p smb1 smb2
[root@Centosszm ~]# edquota -p smb1 smb3
[root@Centosszm ~]# repquota -ua
挂载Windows下的文件乱码解决办法:
[root@Centosszm ~]# mount -t vfat -o iocharset=utf8(本机),codepage=936(远程) /dev/sd[a-p][1-15] /mount/point
客户端连接方法:
方法一:
[root@Centosszm ~]# smbclient -L //192.168.179.7 -U smb1
方法二:
[root@Centosszm ~]# smbclient //192.168.179.7/smb1 -U smb1
Enter smb1's password:
Domain=[VBIRDHOUSE] OS=[Unix] Server=[Samba 3.5.4-68.el6]
smb: \> help
? allinfo altname archive blocksize
cancel case_sensitive cd chmod chown
close del dir du echo
exit get getfacl hardlink help
history iosize lcd link lock
lowercase ls l mask md
mget mkdir more mput newer
open posix posix_encrypt posix_open posix_mkdir
posix_rmdir posix_unlink print prompt put
pwd q queue quit readlink
rd recurse reget rename reput
rm rmdir showacls setmode stat
symlink tar tarmode translate unlock
volume vuid wdel logon listconnect
showconnect .. !
方法三:
[root@Centosszm ~]# mount -t cifs //192.168.179.7/smb1 /mnt/ -o username=smb1,password=password,codepage=cp936
查询NetBIOS Name与IP及其他相关信息(-R以Wins服务器来查询某个NetBIOS Name)
[root@Centosszm ~]# nmblookup -U 192.168.179.7 vbirdhouse
querying vbirdhouse on 192.168.179.7
172.16.128.211 vbirdhouse<00>
192.168.179.7 vbirdhouse<00>
192.168.111.100 vbirdhouse<00>
#得到Name、IP、MAC
[root@Centosszm ~]# nmblookup -S vbirdhouse
querying vbirdhouse on 172.16.128.255
172.16.128.211 vbirdhouse<00>
Looking up status of 172.16.128.211
MYSERVER <00> - B <ACTIVE>
MYSERVER <03> - B <ACTIVE>
MYSERVER <20> - B <ACTIVE>
..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>
VBIRDHOUSE <1d> - B <ACTIVE>
VBIRDHOUSE <1e> - <GROUP> B <ACTIVE>
VBIRDHOUSE <00> - <GROUP> B <ACTIVE>
MAC Address = 00-00-00-00-00-00
#网上邻居目录树
-b:广播方式取代主要浏览器的查询
-D:仅列出工作组
-S:列出工作组与工作组下的计算机名称,不包括各项资源目录;
[root@Centosszm ~]# smbtree
#SAMBA服务器的状态;
-P:列出已经使用SAMBA连接的程序PID
-S:列出已经被使用的资源共享状态
-u:只列出用户相关的共享数据
[root@Centosszm ~]# smbstatus
Samba version 3.5.4-68.el6
PID Username Group Machine
-------------------------------------------------------------------
8856 smb1 smb1 szm (::ffff:192.168.179.1)
8936 smb1 smb1 __ffff_192.168.179.7 (::ffff:192.168.179.7)
Service pid machine Connected at
-------------------------------------------------------
project 8856 szm Sun Apr 7 16:22:46 2013
smb1 8936 __ffff_192.168.179.7 Sun Apr 7 16:42:10 2013
No locked files