一、Samba
Samba是SMB协议的一种实现,主要用来在Linux系统上提供文件和打印服务。Linux用户通过配置Samba服务器可以实现与Windows用户的资源共享。守护进程smbd和nmbd是Samba的核心,需要一直保持运行。nmbd程序使得其他计算机可以浏览到Linux服务器。
1、Samba的安装
我们只通过yum安装
[root@Samba ~]# yum install -y samba
2、Samba配置
[root@Samba ~]# vim /etc/samba/smb.conf
# Global Samba configuration. In smb.conf, lines that start with ';' or '#'
# are ignored, so every '; ...' line below is an inactive example.
#======================= Global Settings =====================================
[global]
# Network-related options
# ----------------------- Network Related Options -------------------------
workgroup = WORKGROUP
server string = Samba Server Version %v
; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
# hosts allow restricts which client addresses may connect; it is inactive in this listing.
; hosts allow = 127. 192.168.12. 192.168.13.
# Logging options
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/log.%m
max log size = 50
# Standalone server options
# ----------------------- Standalone Server Options ------------------------
; security = user
; passdb backend = tdbsam
# Domain member options
# ----------------------- Domain Members Options ------------------------
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; password server = <NT-Server-Name>
# Domain controller options
# ----------------------- Domain Controller Options ------------------------
; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
; logon path =
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
# Browser control options
# ----------------------- Browser Control Options ----------------------------
; local master = no
; os level = 33
; preferred master = yes
# Name resolution
#----------------------------- Name Resolution -------------------------------
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
# Printing options
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
# Filesystem options
# --------------------------- Filesystem Options ---------------------------
; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes
# Share definitions
#============================ Share Definitions ==============================
# [homes] exports each user's home directory; it is writable and hidden from browsing.
[homes]
comment = Home Directories
browseable = no
writable = yes
# NOTE(review): "valid users" is set twice here with no leading ';'. These look
# like two alternative examples whose comment markers were lost — confirm which
# one is intended before copying this section.
valid users = %S
valid users = MYDOMAIN\%S
# [printers] is a print-only share: guests are refused and it is not writable.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
# The remaining sections are inactive templates. Note that [netlogon],
# [Profiles] and [public] would all admit guests if enabled as written.
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
案例一:不需密码的分享 (security = share, 纯测试)
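# Edit the Samba configuration
[root@Samba ~]# vim /etc/samba/smb.conf
[global]
# Set workgroup to the same workgroup the Windows clients use
workgroup = WORKGROUP
server string = Samba Server Version %v
.......................................................
# "security" selects the authentication mode; this Samba release accepts four values:
#   share  - clients reach the shares without an account or password
#   user   - this Samba server checks the account and password (default)
#   server - another Windows or Samba server checks the account and password
#   domain - a Windows domain controller checks the account and password
# Changed from the default "security = user" for this passwordless test.
# "security = share" is deprecated in Samba 3.6 and no longer exists in Samba 4;
# there a guest-only share is built from "security = user" plus
# "map to guest = Bad User" in [global] and "guest ok = yes" on the share.
security = share
.......................................................
# Share definition. The section name is the share name clients see, so it is
# [share] here to match the "share" entry shown in the client tests. [homes] is
# a reserved section for per-user home directories and would not produce it.
[share]
comment = Home Directories
# Directory exported by this share
path = /data/samba
browseable = yes
# public = yes admits guests; writable = no keeps the share read-only
public = yes
writable = no

# Create the shared directory. The share is read-only, so 755 is enough (root
# writes, everyone else reads and traverses); 777 would only add local write
# access for every account on the server.
[root@samba ~]# mkdir -p /data/samba
[root@samba ~]# chmod 755 !$
chmod 755 /data/samba
# Check smb.conf for errors and print the effective settings
[root@samba ~]# testparm -v
# Start the Samba service
[root@samba ~]# /etc/init.d/smb start
启动 SMB 服务: [确定]
# Enable the service at boot (runlevel 3)
[root@samba ~]# chkconfig --list |grep smb
smb 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
[root@samba ~]# chkconfig --level 3 smb on
[root@samba ~]# chkconfig --list |grep smb
smb 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:关闭 6:关闭
[root@samba ~]# service smb start
启动 SMB 服务: [确定]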
# 注:如果客户端连不上,先检查 iptables 是否放行了 Samba 使用的端口(TCP 139、445,UDP 137、138),以及 SELinux 是否拦截了对共享目录的访问。
windows 测试
在Windows资源管理器的地址栏中输入 \\Samba服务器的IP地址
如下图:
在这里我们看到了share,这个就是我们之前在smb.conf中配置的共享模块名字。接下来我在服务器上编辑一个文件,看看能否在Windows客户端看见
[root@samba ~]# vim /data/samba/test.txt 测试
在Linux系统测试
# A Linux client needs the samba-client package
[root@mysql ~]# yum install -y samba-client
# smbclient options used here:
#   -L : only list the shares offered by the host that follows
#   -U : try to access the host's resources as the account that follows
# No -U is given below, so smbclient asks for the current user's (root's) password.
# NOTE(review): presumably answered with an empty password, since this share
# admits guests — confirm.
[root@mysql ~]# smbclient -L 192.168.0.175
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]

    Sharename       Type      Comment
    ---------       ----      -------
    share           Disk      Home Directories
    IPC$            IPC       IPC Service (Samba Server Version 3.6.23-14.el6_6)
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------
# Mount the Samba share on the local directory /mnt
[root@mysql ~]# mount -t cifs //192.168.0.175/share /mnt
案例二:使用账户密码登录,访问
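# Edit the configuration file so that it contains the following
[root@samba ~]# vim /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
# The key change: this server checks every client's account and password
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
# Share (section) name
[share]
# Description of the share
comment = Home Directories
# Directory that is actually exported
path = /data
browseable = yes
# Guests are refused and only the two accounts created below may connect,
# which is what an authenticated share is meant to enforce.
public = no
valid users = testuser_1, testuser_2
writable = yes

# Create the system users first
[root@samba ~]# useradd testuser_1
[root@samba ~]# useradd testuser_2
# Add the system accounts to Samba's password database
# pdbedit options:
#   -a  create a user
#   -u  specify the user
#   -x  delete a user
#   -L  list all users
#   -v  verbose output
[root@samba ~]# pdbedit -a testuser_1
new password:
retype new password:
.................以下省略................
[root@samba ~]# pdbedit -a testuser_2
new password:
retype new password:
................以下省略................
# List the Samba accounts that were created
[root@samba ~]# pdbedit -L
testuser_1:500:
testuser_2:501:
# Create the shared directory and grant write access through a group instead of
# chmod 777, which would make it writable by every local account.
# "smbshare" is a constructed sample group name. Mode 2770 gives the owner and
# the group full access, closes the directory to everyone else, and makes new
# files inherit the group.
[root@samba ~]# mkdir -p /data
[root@samba ~]# groupadd smbshare
[root@samba ~]# usermod -aG smbshare testuser_1
[root@samba ~]# usermod -aG smbshare testuser_2
[root@samba ~]# chgrp smbshare /data
[root@samba ~]# chmod 2770 /data
[root@samba ~]# service smb start
启动 SMB 服务: [确定]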
在浏览器测试
如果访问不通,先检查iptables规则和SELinux设置是否拦截了Samba
Linux端访问及使用
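# Usage: smbclient //IP/share-name -U user-name
# NOTE(review): this session targets //192.168.0.132/myshare; substitute the
# address and share name of your own server.
[root@lamp ~]# smbclient //192.168.0.132/myshare -U testuser_1
Enter testuser_1's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]
smb: \> ls
  .                                   D        0  Fri May 29 08:13:44 2015
  ..                                 DR        0  Fri May 29 08:01:51 2015
  2                                   D        0  Fri May 29 08:13:38 2015

                47077 blocks of size 262144. 39774 blocks available
smb: \>

# Mounting the share.
# Keep the password out of the command line: a "password=" mount option is
# visible in the process list and is saved in the shell history. Store the
# credentials in a file only root can read and point mount at it.
# PASSWORD_PLACEHOLDER stands for the password set with pdbedit.
[root@lamp ~]# touch /root/.smbcredentials
[root@lamp ~]# chmod 600 /root/.smbcredentials
[root@lamp ~]# vim /root/.smbcredentials
username=testuser_1
password=PASSWORD_PLACEHOLDER
[root@lamp ~]# mount -t cifs //192.168.0.132/myshare /mnt -o credentials=/root/.smbcredentials
# The error below appears when cifs-utils is not installed
mount: wrong fs type, bad option, bad superblock on //192.168.0.132/myshare,
       missing codepage or helper program, or other error
       (for several filesystems (e.g. nfs, cifs) you might need
       a /sbin/mount.<type> helper program)
       In some cases useful info is found in syslog - try
       dmesg | tail or so
# Install the helper and repeat the mount
[root@lamp ~]# yum install -y cifs-utils
[root@lamp ~]# mount -t cifs //192.168.0.132/myshare /mnt -o credentials=/root/.smbcredentials
[root@lamp ~]# cd /mnt
[root@lamp mnt]# ll
总用量 0
drwxr-xr-x 2 501 501 0 5月 29 08:13 2
[root@lamp ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/sda3                 12G  2.1G  8.9G  19% /
tmpfs                    1.9G     0  1.9G   0% /dev/shm
/dev/sda1                190M   45M  136M  25% /boot
//192.168.0.132/myshare   12G  1.2G  9.8G  11% /mnt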
二、squid
1、squid 正向代理
安装与配置
yum安装squid
squid -v 可以查看squid的版本与编译参数
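[root@lamp ~]# yum install -y squid
# Configuration
[root@lamp ~]# vim /etc/squid/squid.conf
http_port 3128
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
# http_access rules are checked top to bottom and the first match decides.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
# Everything not allowed above is refused. Ending the list with
# "http_access allow all" would let any client that can reach port 3128
# relay through this proxy.
http_access deny all
cache_dir aufs /data/cache 1024 16 256
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320

# Create the cache directory
[root@lamp squid]# mkdir -p /data/cache
# Hand it to the squid account so the daemon can write to it
[root@lamp squid]# chown -R squid:squid /data/cache
# Initialise the cache directory structure
[root@lamp squid]# squid -z
2015/05/30 02:02:59| Creating Swap Directories
2015/05/30 02:02:59| /data/cache exists
2015/05/30 02:02:59| Making directories in /data/cache/00
2015/05/30 02:02:59| Making directories in /data/cache/01
2015/05/30 02:02:59| Making directories in /data/cache/02
2015/05/30 02:02:59| Making directories in /data/cache/03
2015/05/30 02:02:59| Making directories in /data/cache/04
2015/05/30 02:02:59| Making directories in /data/cache/05
2015/05/30 02:02:59| Making directories in /data/cache/06
2015/05/30 02:02:59| Making directories in /data/cache/07
2015/05/30 02:02:59| Making directories in /data/cache/08
2015/05/30 02:02:59| Making directories in /data/cache/09
2015/05/30 02:02:59| Making directories in /data/cache/0A
2015/05/30 02:02:59| Making directories in /data/cache/0B
2015/05/30 02:02:59| Making directories in /data/cache/0C
2015/05/30 02:02:59| Making directories in /data/cache/0D
2015/05/30 02:02:59| Making directories in /data/cache/0E
2015/05/30 02:02:59| Making directories in /data/cache/0F
# Start squid
[root@lamp squid]# /etc/init.d/squid start
正在启动 squid:. [确定]
# Check the configuration file for errors
[root@lamp squid]# squid -k check
# Reload the configuration
[root@lamp squid]# squid -k reconfigure
# Restart squid
[root@lamp squid]# service squid restart
停止 squid:................ [确定]
正在启动 squid:. [确定]

# Test with an image, requesting it twice through the proxy. The request comes
# from localhost, which the rules above allow.
[root@lamp squid]# curl -xlocalhost:3128 -I http://www.xinhuanet.com/photo/titlepic/12785/127857498_1432887593222_title0h.jpg
HTTP/1.0 200 OK
Server: nginx/1.2.6
Date: Sat, 30 May 2015 02:12:52 GMT
Content-Type: image/jpeg
Content-Length: 14053
Last-Modified: Fri, 29 May 2015 08:32:43 GMT
Accept-Ranges: bytes
Powered-By-ChinaCache: HIT from 060120c3H5.4
Expires: Sat, 30 May 2015 02:17:52 GMT
Age: 211
Powered-By-ChinaCache: HIT from 010123b3H8
X-Cache: MISS from lamp <== 这里提示未命中
X-Cache-Lookup: MISS from lamp:3128 <== 这里提示未命中
Via: 1.0 lamp (squid/3.1.10)
Connection: keep-alive

[root@lamp squid]# curl -xlocalhost:3128 -I http://www.xinhuanet.com/photo/titlepic/12785/127857498_1432887593222_title0h.jpg
HTTP/1.0 200 OK
Server: nginx/1.2.6
Date: Sat, 30 May 2015 02:12:52 GMT
Content-Type: image/jpeg
Content-Length: 14053
Last-Modified: Fri, 29 May 2015 08:32:43 GMT
Accept-Ranges: bytes
Powered-By-ChinaCache: HIT from 060120c3H5.4
Expires: Sat, 30 May 2015 02:17:52 GMT
Powered-By-ChinaCache: HIT from 010123b3H8
Age: 252
X-Cache: HIT from lamp <== 已命中
X-Cache-Lookup: HIT from lamp:3128 <== 已命中
Via: 1.0 lamp (squid/3.1.10)
Connection: keep-alive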
黑名单白名单控制访问
增加内容
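# Blacklist: refuse HTTP requests whose destination is one of the listed domains.
# Place these lines before the existing "http_access allow ..." rules, because
# squid applies the first http_access rule that matches.
acl http proto HTTP
acl bad_domain dstdomain .taobao.com .jd.com
# The ACL name is a single word (bad_domain), and a blacklist needs "deny".
http_access deny http bad_domain
# Whitelist alternative: define good_domain and refuse every other destination.
# (.example.com is a constructed sample value.)
#acl good_domain dstdomain .example.com
#http_access deny http !good_domain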
2、squid反向代理
# Change the configuration
[root@web ~]# vim /etc/squid/squid.conf
....................
# The arrow note on the next line is the author's instruction: replace
# "http_port 3128" with "http_port 80 accel vhost vport".
http_port 3128 <== 修改为http_port 80 accel vhost vport
....................
# Lines to add: each cache_peer names one origin web server (port 80, ICP
# disabled with 0) and labels it with name=; each cache_peer_domain line sends
# requests for one site to the peer with that label.
# NOTE(review): cache_peer_domain matches the squid 3.1 shown on this page;
# newer squid releases use cache_peer_access instead — confirm for your version.
cache_peer 14.17.32.211 parent 80 0 originserver name=a
cache_peer 180.97.33.107 parent 80 0 originserver name=b
cache_peer_domain a www.qq.com
cache_peer_domain b www.baidu.com
.............................
如果squid要代理一台web服务器上的所有域名,那么写成这样即可: cache_peer 192.168.10.111 parent 80 0 originserver #只需要这一行,cache_peer_domain 都可以省掉
/etc/init.d/squid restart