实验需求:
搭建samba服务器
将目录/data共享,共享名设置为software
拒绝匿名用户访问,只允许manager组成员访问
1.服务器(192.168.100.1)安装软件包
[root@samba-server Desktop]# yum -y install samba samba-common samba-client
2.编辑主配置文件
[root@samba-server Desktop]# vim /etc/samba/smb.conf
……
74 workgroup = jin
75 server string = my fist file server
……
89 log file = /var/log/samba/%m.log //日志文件,%m为客户端主机名,每个客户端单独记录一个日志(“//”后的内容是本文的说明,不要写进smb.conf,smb.conf的注释符是#和;)
...
91 max log size = 50
...
101 security = user
102 passdb backend = tdbsam
……
255 [software]
256 comment = software
257 path = /data
258 browseable = yes
259 public = no //禁止匿名(guest)访问,public与guest ok同义
260 writable = yes //可写
261 valid users = @manager
262 write list = @manager
[root@samba-server Desktop]# testparm //此命令测试主配置文件语法
3.创建测试用户与组,共享目录
[root@samba-server Desktop]# groupadd manager
[root@samba-server Desktop]# useradd -G manager obama
[root@samba-server Desktop]# useradd -G manager bush
[root@samba-server Desktop]# useradd sanmao //非manager组成员账号
[root@samba-server Desktop]# echo 123456 | passwd --stdin obama //123456仅为实验用的弱口令,实际环境应设置强密码
[root@samba-server Desktop]# echo 123456 | passwd --stdin bush
[root@samba-server Desktop]# echo 123456 | passwd --stdin sanmao
[root@samba-server Desktop]# pdbedit -a -u obama //添加共享账号(会提示设置samba密码,该密码保存在tdbsam库中,独立于系统密码)
[root@samba-server Desktop]# pdbedit -a -u bush
[root@samba-server Desktop]# pdbedit -a -u sanmao
[root@samba-server Desktop]# pdbedit -L //查看samba库中共享用户
obama:503:
bush:504:
sanmao:505:
[root@samba-server Desktop]# mkdir /data
[root@samba-server Desktop]# touch /data/test.txt
[root@samba-server Desktop]# setfacl -m g:manager:rwx /data
[root@samba-server Desktop]# getfacl /data
getfacl: Removing leading '/' from absolute path names
# file: data
# owner: root
# group: root
user::rwx
group::r-x
group:manager:rwx //确认manager组权限
mask::rwx
other::r-x
4.启动服务
[root@samba-server Desktop]# service smb start
[root@samba-server Desktop]# service nmb start
[root@samba-server Desktop]# chkconfig smb on
[root@samba-server Desktop]# chkconfig nmb on
5.linux客户端测试
[root@client ~]# smbclient -U obama //192.168.100.1/software
Enter obama's password:
Domain=[JIN] OS=[Unix] Server=[Samba 3.6.9-151.el6]
smb: \> ls
. D 0 Wed Apr 16 08:50:29 2014
.. DR 0 Wed Apr 16 08:28:12 2014
test.txt 0 Wed Apr 16 08:28:40 2014
63699 blocks of size 262144. 49537 blocks available //成功登录
[root@client ~]# mount -t cifs //192.168.100.1/software /mnt -o username=obama //将共享挂载
mount: block device //192.168.100.1/software is write-protected, mounting read-only
mount: cannot mount block device //192.168.100.1/software read-only //此错误是由于未安装cifs-utils软件包
[root@client ~]#yum -y install cifs-utils
[root@client ~]# mount -t cifs //192.168.100.1/software /mnt -o username=obama //再次挂载成功
Password:
[root@client ~]# ls /mnt
test.txt
6.linux客户端使用非manager组成员sanmao测试
[root@client ~]# smbclient -U sanmao //192.168.100.1/software
Enter sanmao's password:
Domain=[JIN] OS=[Unix] Server=[Samba 3.6.9-151.el6]
tree connect failed: NT_STATUS_ACCESS_DENIED //登录失败
7.Windows客户端测试
附注:把账号密码直接写入配置文件也可实现自动挂载,但/etc/fstab默认所有用户可读,明文密码会暴露,一般不这样使用;确需自动挂载时,可改用credentials=选项指向仅root可读(权限600)的凭据文件,而不把密码写在挂载选项里。
开机自动挂载
vim /etc/fstab
//192.168.100.1/software /mnt cifs defaults,username=用户名,password=密码 0 0
autofs触发挂载方式
vim /etc/auto.master
/mnt /etc/auto.samba
vim /etc/auto.samba
samba -fstype=cifs,username=用户名,password=密码 ://192.168.100.1/software
service autofs restart