实验01:Samba服务器配置
实验目标:
掌握samba服务器的配置
实验步骤:
用户认证的共享设置
添加共享账号(设置密码)
[root@svr5~]# useradd nick
[root@svr5~]# useradd hunter
[root@svr5~]# pdbedit -a nick
new password:
retype newpassword:
Unixusername: nick
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3518153897-1939475618-2660747277-1000
Primary GroupSID: S-1-5-21-3518153897-1939475618-2660747277-513
Full Name:
HomeDirectory: \\svr5\nick
HomeDirDrive:
LogonScript:
ProfilePath: \\svr5\nick\profile
Domain: SVR5
Accountdesc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 三, 06 2月 2036 23:06:39 CST
Kickofftime: 三, 06 2月 203623:06:39 CST
Password lastset: 一, 15 9月 2014 01:38:14 CST
Password canchange: 一, 15 9月 2014 01:38:14 CST
Password mustchange: never
Last badpassword : 0
Bad passwordcount : 0
Logon hours :FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@svr5~]# pdbedit -a hunter
new password:
retype newpassword:
Unixusername: hunter
NT username:
AccountFlags: [U ]
User SID: S-1-5-21-3518153897-1939475618-2660747277-1001
Primary GroupSID: S-1-5-21-3518153897-1939475618-2660747277-513
Full Name:
HomeDirectory: \\svr5\hunter
HomeDirDrive:
LogonScript:
ProfilePath: \\svr5\hunter\profile
Domain: SVR5
Accountdesc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 三, 06 2月 2036 23:06:39 CST
Kickofftime: 三, 06 2月 203623:06:39 CST
Password lastset: 一, 15 9月 2014 01:38:27 CST
Password canchange: 一, 15 9月 2014 01:38:27 CST
Password must change:never
Last badpassword : 0
Bad passwordcount : 0
Logon hours :FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@svr5~]# smbpasswd nick
New SMBpassword:
Retypenew SMB password:
修改tools共享设置
[root@svr5~]# vim /etc/samba/smb.conf
[global]
security= user //启用用户认证
[tools]
comment = Test Share Direstory
path = /usr/src //指定共享路径
public = no //不对所有人开放
read only = yes //默认的权限为只读
valid users = nick,hunter //指定合法用户
write list = hunter //用户hunter可读可写
[root@svr5~]# setfacl -m user:hunter:rwx /usr/src/
[root@svr5~]# service smb restart
关闭 SMB 服务: [确定]
启动 SMB 服务: [确定]
客户端访问验证
smbclient -U 用户名 //服务器地址/共享名
匿名访问应该被拒绝;
以nick访问时为只读;
以hunter访问时可读可写
[root@pc205~]# smbclient -U nick //192.168.4.5/tools
Enter nick'spassword:
Domain=[TARENA]OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> ls
. D 0 Fri Sep 12 10:29:13 2014
.. D 0 Fri Sep 12 10:29:13 2014
debug D 0 Tue Jun 28 22:13:01 2011
kernels D 0 Tue Jun 28 22:13:01 2011
39371blocks of size 1048576. 33888 blocks available
练习十:共享账号别名
[root@pc205~]# vim /etc/samba/smbusers
# Unix_name =SMB_name1 SMB_name2 ...
root =administrator admin
nobody = guestpcguest smbguest
hunter= hijack
启用别名映射
[root@svr5~]# vim /etc/samba/smb.conf
[global]
username map = /etc/samba/smbusers
[root@pc205~]# service smb restart
关闭 SMB 服务: [确定]
启动 SMB 服务: [确定]
客户端验证
[root@pc205~]# smbclient -U hijack //192.168.4.5/tools
Enter hijack'spassword:
Anonymous loginsuccessful
Domain=[TARENA]OS=[Unix] Server=[Samba 3.6.9-164.el6]
tree connectfailed: NT_STATUS_ACCESS_DENIED
问题和经验总结
故障现象:
[root@pc205 ~]#smbclient -U nick 192.168.4.5/tools
192.168.4.5\tools:Not enough '\' characters in service
用法: smbclient [-?EgBVNkPeC] [-?|--help] [--usage]
[-R|--name-resolve NAME-RESOLVE-ORDER][-M|--message HOST]
[-I|--ip-address IP] [-E|--stderr][-L|--list HOST]
[-m|--max-protocol LEVEL] [-T|--tar<c|x>IXFqgbNan] [-D|--directory DIR]
[-c|--command STRING] [-b|--send-bufferBYTES] [-p|--port PORT]
[-g|--grepable] [-B|--browse][-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE][-l|--log-basename LOGFILEBASE]
[-V|--version] [--option=name=value]
[-O|--socket-options SOCKETOPTIONS][-n|--netbiosname NETBIOSNAME]
[-W|--workgroup WORKGROUP] [-i|--scopeSCOPE] [-U|--user USERNAME]
[-N|--no-pass] [-k|--kerberos][-A|--authentication-file FILE]
[-S|--signing on|off|required][-P|--machine-pass] [-e|--encrypt]
[-C|--use-ccache] service<password>
解决办法:
检查命令输入是否正确,这里的错误是在服务器的地址前面少了“//”,加上去就可以访问