Samba
'Server Message Block(SMB信息服務塊)是windows服務器和客戶端之間實現文件共享的服務協議。'
'Samba是在linux和UNix系統上實現SMB協議的一個免費軟件,由服務器及客戶端程序構成'
'Samba的主要部分:兩個守護程序:smbd和nmbd(對客戶端提供NetBIOS名服務)'
'配置文件:/etc/smb.conf'
服務端軟件包與客戶端軟件包
| 服務端軟件包 | samba |
|---|---|
| 客戶端軟件包 | cifs-utils |
Samba監聽端口
| TCP | UDP |
|---|---|
| 139/445 | 137/138 |
'tcp端口相對應的服務是smbd服務,其作用是提供對服務器中文件、打印資源的共享訪問'
'Udp端口相對應的服務是nmbd服務,其作用是提供基於NetBIOS主機名稱的解析'Samba服務配置
| 服務端IP | 客戶端IP |
|---|---|
| 192.168.228.21 | 192.168.228.20 |
'關閉防火牆'
[root@yaoxiaorong ~]# setenforce 0
[root@yaoxiaorong ~]# systemctl stop firewalld
'安裝Samba服務程序'
[root@yaoxiaorong ~]# yum install samba*
'啓動Samba服務程序'
[root@yaoxiaorong ~]# systemctl start smb
'設置smb服務隨系統啓動而啓動'
[root@yaoxiaorong ~]# systemctl enable smb
samba主配置文件
'通過過濾篩選Samba服務程序已註釋的配置文件'
[root@yaoxiaorong ~]# egrep -v '^#|^$' /etc/samba/smb.conf
[global] 全局參數
workgroup = SAMBA 工作組名稱
security = user 安全驗證方式,總共有四種
' share:無需驗證身份,簡單方便,安全性差 '
'usr:需要驗證用戶密碼纔可訪問,安全性高'
'server:需要通過三方服務驗證賬號密碼,(集中管理賬戶)'
'domain:使用域控制器進行身份驗證'
passdb backend = tdbsam 定義用戶後臺的類型,共有3種
'smbpasswd:爲系統用戶設置Samba服務程序的密碼'
'tdbsam:創建數據庫文件並哦使用pdbedit命令建立samba服務程序'
'ldapsam:基於ldap服務進行賬戶驗證'
printing = cups 設置Samba共享打印機的類型
printcap name = cups 設置共享打印機的配置文件
load printers = yes 設置在Samba服務啓動時是否共享打印機設備
cups options = raw 打印機的選項
[homes] 共享參數
comment = Home Directories 描述信息
valid users = %S, %D%w%S 允許訪問該共享的用戶
browseable = No 指定共享信息是否在“網上鄰居”中可見
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775創建映射共享目錄
'創建用戶tom’
[root@yaoxiaorong ~]# useradd -M tom
'爲tom用戶創建smb共享密碼'
[root@yaoxiaorong ~]# smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.
'假設這裏映射tom用戶爲share用戶,那麼就要在/etc/samba/smbusers文件中添加如下內容:'
[root@yaoxiaorong ~]# echo 'tom = share' > /etc/samba/smbusers
'在/etc/samba/smb.conf添加如下內容:'
[root@yaoxiaorong ~]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
username map = /etc/samba/smbusers
'創建一個共享目錄yaoxiaorong'
[root@yaoxiaorong ~]# mkdir /opt/yaoxiaorong
[root@yaoxiaorong ~]# chown -R tom.tom /opt/yaoxiaorong/
[root@yaoxiaorong ~]# ll /opt/
total 0
drwxr-xr-x. 2 tom tom 6 Aug 6 21:38 yaoxiaorong配置共享
[root@yaoxiaorong ~]# cat >> /etc/samba/smb.conf <<EOF
> [yaoxiaorong] 共享名
> comment = Is very happy 描述信息,任意字符串
> path = /opt/yaoxiaorong/ 共享目錄路徑
> browseable = yes 指定該共享是否可以瀏覽
> guest ok = yes 表示設置是否所有人均可訪問共享目錄
> writable = yes 指定該共享路徑是否可寫
> write list = share 表示設置允許寫的用戶和組
> public = yes 表示設置是否允許匿名用戶訪問
> EOF
[root@yaoxiaorong ~]# tail -8 /etc/samba/smb.conf
[yaoxiaorong]
comment = Is very happy
path = /opt/yaoxiaorong/
browseable = yes
guest ok = yes
writable = yes
write list = share
public = yes
testparm
'測試配置文件是否有語法錯誤,以及顯示最終生效的配置'
[root@yaoxiaorong ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
重新啓動smb服務:
'重新啓動smb服務'
[root@yaoxiaorong ~]# systemctl restart smb
'重新加載smb服務'
[root@yaoxiaorong ~]# systemctl reload smb在客戶機查看samba服務器有哪些共享資源
'yum查找smbclient軟件包的絕對路徑'
[root@yaoxiaorong ~]# yum provides *bin/smbclient
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.neusoft.edu.cn
* updates: mirrors.nju.edu.cn
base/7/x86_64/filelists_db | 6.9 MB 00:05
samba-client-4.7.1-6.el7.x86_64 : Samba client programs
Repo : base
Matched from:
Filename : /usr/bin/smbclient
samba-client-4.7.1-6.el7.x86_64 : Samba client programs
Repo : @base
Matched from:
Filename : /usr/bin/smbclient
[root@yaoxiaorong ~]# yum install -y samba-client
'在客戶機查看samba服務器有哪些共享資源'
[root@yaoxiaorong ~]# smbclient -L 192.168.228.21 -U share
Enter SAMBA\share's password:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba 4.7.1)
yaoxiaorong Disk Is very happy
tom Disk Home Directories
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
將samba服務器的共享資源yaoxiaorong掛載到客戶機本地
[root@yaoxiaorong ~]# mkdir /opt/smb
[root@yaoxiaorong ~]# mount -t cifs //192.168.228.21/yaoxiaorong /opt/smb -o username=share,password=1
[root@yaoxiaorong ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 5.0G 1.5G 3.5G 31% /
devtmpfs 478M 0 478M 0% /dev
tmpfs 489M 0 489M 0% /dev/shm
tmpfs 489M 6.8M 482M 2% /run
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/sda1 10G 125M 9.9G 2% /boot
/dev/mapper/centos-var 5.0G 165M 4.9G 4% /var
tmpfs 98M 0 98M 0% /run/user/0
//192.168.228.21/yaoxiaorong 17G 1.8G 16G 11% /opt/smb
驗證
'在客戶機上進入共享目錄創建新文件'
[root@yaoxiaorong ~]# cd /opt/smb
[root@yaoxiaorong smb]# touch a
[root@yaoxiaorong smb]# mkdir b
[root@yaoxiaorong smb]# ls
a b
'在服務端查看共享的目錄裏面是否存在客戶端創建的文件和目錄'
[root@yaoxiaorong ~]# cd /opt/yaoxiaorong/
[root@yaoxiaorong yaoxiaorong]# ls
a b
配置匿名共享
| 服務器IP | 客戶端IP |
|---|---|
| 192.168.228.20/24 | 192.168.228.21/24 |
配置匿名共享時,還是需要關閉防火牆
'使用yum命令安裝samba服務器'
[root@yaoxiaorong ~]# yum install samba-* -y
'然後在全局配置中添加如下內容:紅色字體就是添加的內容'
[root@yaoxiaorong ~]# vim /etc/samba/smb.conf
[root@yaoxiaorong ~]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
'map to guest = Bad User'
創建一個共享目錄,創建目錄名爲yaoxiaorong
[root@yaoxiaorong ~]# mkdir /opt/yaoxiaorong
[root@yaoxiaorong ~]# chmod 777 /opt/yaoxiaorong/
[root@yaoxiaorong ~]# ll /opt/
total 0
drwxrwxrwx. 2 root root 6 Aug 7 16:33 yaoxiaorong
'配置共享'
[root@yaoxiaorong ~]# cat >> /etc/samba/smb.conf <<EOF
> [yaoxiaorong]
> comment = yaoxiaorong
> path = /opt/yaoxiaorong/
> browseable = yes
> guest ok = yes
> writable = yes
> public = yes
> EOF
啓動smb服務:
[root@yaoxiaorong ~]# systemctl start smb
[root@yaoxiaorong ~]# systemctl restart smb
'在客戶機查看samba服務器有哪些共享資源'
[root@yaoxiaorong ~]# smbclient -L 192.168.228.20 -U 'Bad User'
Enter SAMBA\Bad User's password:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
yaoxiaorong Disk yaoxiaorong
IPC$ IPC IPC Service (Samba 4.7.1)
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
'將samba服務器的共享資源yaoxiaorong掛載到客戶機本地'
[root@yaoxiaorong ~]# mkdir /opt/smb
[root@yaoxiaorong ~]# mount -t cifs //192.168.228.20/yaoxiaorong /opt/smb -o username='Bad User'
[root@yaoxiaorong ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos_yaoxiaorong-root 17G 1.7G 16G 10% /
devtmpfs 478M 0 478M 0% /dev
tmpfs 489M 0 489M 0% /dev/shm
tmpfs 489M 6.7M 482M 2% /run
tmpfs 489M 0 489M 0% /sys/fs/cgroup
/dev/sda1 1014M 125M 890M 13% /boot
tmpfs 98M 0 98M 0% /run/user/0
//192.168.228.20/yaoxiaorong 5.0G 1.6G 3.5G 32% /opt/smb
在客戶機上進入共享目錄創建文件或目錄驗證一下,並在服務器上查看客戶機創建的文件
'客戶機'
[root@yaoxiaorong ~]# cd /opt/smb/
[root@yaoxiaorong smb]# touch yxr
[root@yaoxiaorong smb]# mkdir xxx
'服務器'
[root@yaoxiaorong ~]# cd /opt/yaoxiaorong/
[root@yaoxiaorong yaoxiaorong]# ls
xxx yxr