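Samba Server Configuration

SMB File Sharing

The Common Internet File System (CIFS), also known as Server Message Block (SMB), is the standard file and printer sharing system for Microsoft Windows servers and clients.

The Samba service can share Linux file systems as CIFS/SMB network file shares and Linux printers as CIFS/SMB printer shares.

Components of the Samba service

1. Packages:

samba-common – supporting files for Samba

samba-client – client applications

samba – server application

2. Service names: smb, nmb

3. Service ports: TCP/445 is normally used for all connections. UDP/137, UDP/138 and TCP/139 are also used for backward compatibility.

4. Main configuration file: /etc/samba/smb.conf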

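/etc/samba/smb.conf: the [global] section

workgroup

Specifies the Windows workgroup or network domain name.

hosts allow

hosts allow is a comma-, space- or tab-separated set of hosts that are permitted to access the service. If it is specified in the [global] section, it applies to all services, regardless of whether an individual service has a different setting. You can specify hosts by name or IP number. For example, allow hosts = 192.168.0. permits one network.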

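security

This option affects how clients respond to Samba and is one of the most important settings in smb.conf.

security = user

Clients must log in with a valid username and password.

security = domain

Works correctly only if the machine has been added to an NT domain. It requires the encrypted passwords parameter to be set to yes. In this mode Samba validates the username/password by passing it to a Windows NT primary or backup domain controller, in exactly the same way a Windows NT Server would. Note that a valid UNIX user must still exist alongside the account on the domain controller, so that Samba has a valid UNIX account to map file access to. You must set the password server parameter to give Samba the server to validate passwords against.

security = server

Samba tries to validate the username/password by passing it to another SMB server. You must set the password server parameter to give Samba the server to validate passwords against.

security = ads

Samba acts as a domain member in an ADS realm. To operate in this mode, the machine running Samba needs Kerberos installed and configured, and Samba must be joined to the ADS realm using the net utility.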

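/etc/samba/smb.conf: other sections

[homes]

This share (enabled by default) is a special share that makes users' home directories available over CIFS. It includes browseable = no, so it does not show up as an available share until the user has authenticated. The share name can be given as homes (in which case the Samba server converts it to the user's home directory path) or as username.

[printers]

Also available by default; shares the currently available printers.

[share]

To set up additional shares, put the share name in brackets as shown above. A share needs at least a path parameter.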

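SMB users

useradd

security = user requires both UNIX and Samba account information. Add the user (preferably with the same name as the Samba account), or place an entry in /etc/samba/smbusers (the file contains some examples). If you create a Samba-only user, set the UNIX login shell to /sbin/nologin.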

[root@serverX ~]# useradd -s /sbin/nologin wxh

smbpasswd

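If you do not have a Samba password server, you must create the authentication data on the local machine. Use smbpasswd to create Samba accounts and passwords.

If smbpasswd is given only a username and no options, it tries to change that account's password. Passing the -a option adds the account and sets its password.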

[root@serverX ~]# smbpasswd -a wxh

New SMB password: westos

Retype new SMB password: westos

Added user wxh.


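Securing SMB

The samba_enable_home_dirs and use_samba_home_dirs SELinux booleans

The samba_enable_home_dirs boolean allows local Linux home directories to be exported as CIFS file shares to other systems. The use_samba_home_dirs boolean, on the other hand, allows remote CIFS file shares to be mounted and used as local Linux home directories.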

# setsebool -P samba_enable_home_dirs on

samba_share_t

The SELinux type used to label user-defined Samba share directories.

# chcon -R -t samba_share_t /smbshare

# semanage fcontext -a -t samba_share_t '/smbshare(/.*)?'

# restorecon -vvFR /smbshare

samba_export_all_ro and samba_export_all_rw

Used to share system directories.

# setsebool -P samba_export_all_ro on

# setsebool -P samba_export_all_rw on

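Accessing CIFS shares

There are four basic ways to connect to a CIFS file share:

1. Access a CIFS share graphically

Go to "Network" --> "Connect to Server" and fill in the following fields:

Server Address : 172.25.0.11

Username: wxh

Password: westos

2. Access a CIFS share from the command line, FTP-style: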

[root@server0 ~]# smbclient -L server0.example.com -U wxh

Enter wxh's password: westos

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

Sharename       Type      Comment

---------       ----      -------

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

smbshare        Disk      test

wxh             Disk      Home Directories

[root@server0 ~]# smbclient //server0.example.com/smbshare -U wxh

Enter wxh's password: westos

Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

. D 0 Thu Dec 18 17:27:27 2014

.. D 0 Thu Dec 18 11:37:20 2014

testfile N 12 Thu Dec 18 11:38:03 2014

3. Mount a CIFS share manually

[root@server0 ~]# mount -o username=wxh //server0.example.com/smbshare /mnt/wxh

4. Mount a CIFS share permanently

Add the following line to /etc/fstab:

//server0.example.com/smbshare /mnt/wxh cifs credentials=/root/userpasswd 0 0

Create /root/userpasswd:

user=wxh

pass=westos

SMB multiuser mounts

Demo: (desktopX)

Install the cifs-utils package, which provides the cifscreds command:

# yum install -y cifs-utils

Create the mount point for the SMB multiuser mount:

# mkdir /mnt/multiuser

Create the SMB credentials file:

# echo 'username=brian' > /root/smb-multiuser.txt

# echo 'password=redhat' >> /root/smb-multiuser.txt

Edit /etc/fstab to mount the SMB share permanently:

//server0/smbshare /mnt/multiuser cifs credentials=/root/smb-multiuser.txt,multiuser,sec=ntlmssp 0 0

# mount -a

# su - brian

$ touch /mnt/multiuser/test.txt

touch: cannot touch ‘/mnt/multiuser/brian.txt’: Permission denied

$ cifscreds add server0

Password: redhat

$ echo "multiuser" > /mnt/multiuser/brian.txt

$ cat /mnt/multiuser/brian.txt

multiuser

$ exit

# su - rob

$ cifscreds add server0

Password: redhat

$ echo "multiuser" > /mnt/multiuser/rob.txt

-bash: /mnt/multiuser/rob.txt: Permission denied

$ cat /mnt/multiuser/brian.txt

multiuser
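The credentials files used for the /etc/fstab mount and for the multiuser mount above hold plaintext passwords, so their mode and contents are worth checking. The following is an added example, not part of the original article: a shell function that audits the cifs lines of an fstab-style file. The function names audit_cifs_fstab and make_sample, the finding labels and the sample files are constructed for illustration, and stat -c assumes GNU coreutils.

```shell
# Added example: audit cifs entries in an fstab-style file.
# Prints one finding per line; returns 1 if anything was found.
audit_cifs_fstab() {
    local fstab="$1" findings=0
    local dev mnt type opts rest cred mode
    while read -r dev mnt type opts rest; do
        case "$dev" in ''|\#*) continue ;; esac
        [ "$type" = cifs ] || continue
        # fstab is world-readable, so an inline password is exposed to
        # every local account.
        case ",$opts," in
            *,password=*|*,pass=*) echo "INLINE_PASSWORD $mnt"; findings=1 ;;
        esac
        # Pull credentials=PATH out of the comma-separated option list.
        cred=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^credentials=//p' | head -n 1)
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "MISSING_FILE $cred"; findings=1; continue
        fi
        # Only the owner should be able to read the stored password.
        mode=$(stat -c '%a' "$cred")
        case "$mode" in
            600|400) ;;
            *) echo "LOOSE_MODE $cred $mode"; findings=1 ;;
        esac
        # A file missing either key (for example after a second
        # "echo ... >" overwrote the first line) cannot authenticate.
        grep -Eq '^(user|username)=' "$cred" || { echo "NO_USER $cred"; findings=1; }
        grep -Eq '^(pass|password)=' "$cred" || { echo "NO_PASSWORD $cred"; findings=1; }
    done < "$fstab"
    return "$findings"
}

# Constructed sample: three cifs mounts modeled on the ones in this article.
make_sample() {
    local d="$1"
    printf 'user=wxh\npass=westos\n' > "$d/userpasswd"
    chmod 600 "$d/userpasswd"
    printf 'password=redhat\n' > "$d/smb-multiuser.txt"
    chmod 644 "$d/smb-multiuser.txt"
    cat > "$d/fstab" <<EOF
//server0.example.com/smbshare /mnt/wxh cifs credentials=$d/userpasswd 0 0
//server0/smbshare /mnt/multiuser cifs credentials=$d/smb-multiuser.txt,multiuser,sec=ntlmssp 0 0
//172.25.254.137/TEST /mnt cifs username=student,password=student 0 0
EOF
}

# Run against a real file when a path is given on the command line.
if [ "$#" -eq 1 ]; then audit_cifs_fstab "$1"; fi
```

On the constructed sample the first mount passes, the second is reported for a world-readable credentials file that lacks a username line, and the third for a password stored in the option list.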

Worked examples

(1) Install Samba and add Samba users

[root@localhost ~]# yum search samba

Loaded plugins: langpacks

rhel_dvd                       | 4.1 kB     00:00     

(1/2): rhel_dvd/primary_db       | 3.4 MB   00:00     

(2/2): rhel_dvd/group_gz         | 134 kB   00:00     

================= N/S matched: samba =================

samba-client.x86_64 : Samba client programs

samba-common.x86_64 : Files used by both Samba servers

                    : and clients

samba-libs.i686 : Samba libraries

samba-libs.x86_64 : Samba libraries

samba-python.x86_64 : Samba Python libraries

samba-winbind.x86_64 : Samba winbind

samba-winbind-modules.i686 : Samba winbind modules

samba-winbind-modules.x86_64 : Samba winbind modules

samba.x86_64 : Server and Client software to

             : interoperate with Windows machines

 

  Name and summary matches only, use "search all" for everything.

[root@localhost ~]# yum install samba-client.x86_64 samba-common.x86_64 samba.x86_64

Loaded plugins: langpacks

Package samba-common-4.1.1-31.el7.x86_64 already installed and latest version

Resolving Dependencies

--> Running transaction check

---> Package samba.x86_64 0:4.1.1-31.el7 will be installed

---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed

--> Finished Dependency Resolution

 

Dependencies Resolved

 

======================================================

 Package       Arch    Version        Repository

                                                 Size

======================================================

Installing:

 samba         x86_64  4.1.1-31.el7   rhel_dvd  527 k

 samba-client  x86_64  4.1.1-31.el7   rhel_dvd  513 k

 

Transaction Summary

======================================================

Install  2 Packages

 

Total download size: 1.0 M

Installed size: 2.9 M

Is this ok [y/d/N]: y

Downloading packages:

(1/2): samba-4.1.1-31.el7.x86_64 | 527 kB   00:00     

(2/2): samba-client-4.1.1-31.el7 | 513 kB   00:00     

------------------------------------------------------

Total                    8.2 MB/s | 1.0 MB  00:00     

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

  Installing : samba-4.1.1-31.el7.x86_64          1/2

  Installing : samba-client-4.1.1-31.el7.x86_64   2/2

  Verifying  : samba-client-4.1.1-31.el7.x86_64   1/2

  Verifying  : samba-4.1.1-31.el7.x86_64          2/2

 

Installed:

  samba.x86_64 0:4.1.1-31.el7                         

  samba-client.x86_64 0:4.1.1-31.el7                  

 

Complete!

[root@localhost ~]# systemctl start smb

[root@localhost ~]# firewall-cmd --add-service=samba --permanent

success

[root@localhost ~]# firewall-cmd --reload

success

[root@localhost ~]# smbclient -L //172.25.254.137

Enter root's password:

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost ~]# smbpasswd -a student

New SMB password:

Retype new SMB password:

Added user student.

[root@localhost ~]# useradd westos

[root@localhost ~]# passwd westos

Changing password for user westos.

New password:

BAD PASSWORD: The password is shorter than 8 characters

Retype new password:

passwd: all authentication tokens updated successfully.

[root@localhost ~]# smbpasswd -a westos

New SMB password:

Retype new SMB password:

Added user westos.

[root@localhost ~]# pdbedit -L

student:1000:Student User

westos:1001:

[root@localhost ~]# touch /home/westos/file

[root@localhost ~]# smbclient -L //172.25.254.137/westos -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

student         Disk      Home Directories

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost ~]# smbclient -L //172.25.254.137/westos -U westos

Enter westos's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

westos          Disk      Home Directories

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost ~]# setsebool -P samba_enable_home_dirs 1

[root@localhost ~]# smbclient //172.25.254.137/westos -U westos

Enter westos's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Mon May  1 21:22:41 2017

  ..                                  D        0  Mon May  1 21:18:58 2017

  .bash_logout                        H       18  Wed Jan 29 07:45:18 2014

  .bash_profile                       H      193  Wed Jan 29 07:45:18 2014

  .bashrc                             H      231  Wed Jan 29 07:45:18 2014

  .mozilla                           DH        0  Thu Jul 10 18:29:32 2014

  .config                            DH        0  Thu Jul 10 19:06:52 2014

  file                                N        0  Mon May  1 21:22:41 2017

 

40913 blocks of size 262144. 28594 blocks available

smb: \> quit

(2) Share a directory as test

[root@localhost ~]# mkdir /westos

[root@localhost ~]# vim /etc/samba/smb.conf

[test]

comment = westos directory

path = /westos

[root@localhost ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?'

[root@localhost ~]# restorecon -RvvF /westos/

restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

[root@localhost ~]# smbclient //172.25.254.137/test -U westos

Enter westos's password:

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Mon May  1 21:57:11 2017

  ..                                  D        0  Mon May  1 21:57:11 2017

 

40913 blocks of size 262144. 28594 blocks available

smb: \> quit

[root@localhost ~]#

(3) Samba allow list and deny list for anonymous users

[root@localhost ~]# vim /etc/samba/smb.conf

[root@localhost ~]# systemctl restart smb

[root@localhost ~]# smbclient -L //172.25.254.137

Enter root's password:

Anonymous login successful

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

TEST            Disk      westos directory

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

Anonymous login successful

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost ~]# vim /etc/samba/smb.conf

[root@localhost ~]# smbclient -L //172.25.254.137

Enter root's password:

protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

[root@localhost ~]# vim /etc/samba/smb.conf

[root@localhost ~]# systemctl restart smb

[root@localhost ~]# smbclient -L //172.25.254.137

Enter root's password:

Anonymous login successful

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

TEST            Disk      westos directory

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

Anonymous login successful

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost ~]# vim /etc/samba/smb.conf

[root@localhost ~]# systemctl restart smb

[root@localhost ~]# smbclient -L //172.25.254.137

Enter root's password:

Anonymous login successful

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

TEST            Disk      westos directory

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

Anonymous login successful

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost ~]# vim /etc/samba/smb.conf

[root@localhost ~]# smbclient -L //172.25.254.137

Enter root's password:

protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

[root@localhost ~]# vim /etc/samba/smb.conf

(4) Write permission for anonymous users

1. [root@localhost ~]# vim /etc/samba/smb.conf

[TEST]

comment = westos directory

path = /westos

writable = yes

write list = student

[root@localhost ~]# mount //172.25.254.100/TEST /mnt/ -o username=student,password=student

mount: mount //172.25.254.100/TEST on /mnt failed: No route to host

[root@localhost ~]# mount //172.25.254.137/TEST /mnt/ -o username=student,password=student

[root@localhost ~]# df

Filesystem            1K-blocks    Used Available Use% Mounted on

/dev/vda1              10473900 3157536   7316364  31% /

devtmpfs                 927072       0    927072   0% /dev

tmpfs                    942660     140    942520   1% /dev/shm

tmpfs                    942660   17048    925612   2% /run

tmpfs                    942660       0    942660   0% /sys/fs/cgroup

//172.25.254.137/TEST  10473900 3157536   7316364  31% /mnt

[root@localhost ~]# cd /mnt

[root@localhost mnt]# systemctl restart smb

[root@localhost mnt]# chmod 777 /westos

[root@localhost mnt]# touch file

[root@localhost mnt]#

2. [root@localhost mnt]# vim /etc/samba/smb.conf

[TEST]

comment = westos directory

path = /westos

writable = yes

write list = @student (every member of the student group can write)

[root@localhost mnt]# usermod -G student westos

[root@localhost mnt]# id westos

uid=1001(westos) gid=1001(westos) groups=1001(westos),1000(student)

[root@localhost mnt]# cd

[root@localhost ~]# umount /mnt

[root@localhost ~]# mount //172.25.254.137/TEST /mnt/ -o username=westos,password=student

[root@localhost ~]# cd /mnt

[root@localhost mnt]# touch file1

[root@localhost mnt]# rm -fr file

[root@localhost mnt]#

[root@localhost mnt]# vim /etc/samba/smb.conf

[TEST]

comment = westos directory

path = /westos

writable = yes

write list = @student

valid users = student

valid users = @student

browseable = yes

[root@localhost mnt]# systemctl restart smb

[root@localhost mnt]# smbclient -L //172.25.254.137 -U student

Enter student's password:

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

TEST            Disk      westos directory

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

student         Disk      Home Directories

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost mnt]# usermod -G student westos

[root@localhost mnt]# smbclient -L //172.25.254.137 -U westos

Enter westos's password:

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

TEST            Disk      westos directory

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

westos          Disk      Home Directories

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost mnt]# vim /etc/samba/smb.conf

[TEST]

comment = westos directory

path = /westos

writable = yes

write list = @student

valid users = student

valid users = @student

browseable = no (not visible)

[root@localhost mnt]# smbclient -L //172.25.254.137 -U westos

Enter westos's password:

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Sharename       Type      Comment

---------       ----      -------

IPC$            IPC       IPC Service (Samba Server Version 4.1.1)

westos          Disk      Home Directories

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

 

Server               Comment

---------            -------

 

Workgroup            Master

---------            -------

[root@localhost mnt]#

[root@localhost mnt]# vim /etc/samba/smb.conf

[TEST]

comment = westos directory

path = /westos

writable = yes

write list = @student

valid users = student

valid users = @student

browseable = no

admin users = westos (superuser)

(5) Anonymous user access

[root@localhost mnt]# vim /etc/samba/smb.conf

[TEST]  ## first edit

comment = westos directory

path = /westos

writable = yes

write list = @student

;       valid users = student

;       valid users = @student

browseable = no

admin users = westos

guest ok = yes

      security = user     ## second edit

        map to guest = bad user

        passdb backend = tdbsam

 

[root@localhost mnt]# systemctl restart smb

[root@localhost mnt]# smbclient  //172.25.254.137/TEST

Enter root's password:

Domain=[CRB] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

  .                                   D        0  Mon May  1 22:57:03 2017

  ..                                  D        0  Mon May  1 21:57:11 2017

  file1                               N        0  Mon May  1 22:56:55 2017

 

40913 blocks of size 262144. 28578 blocks available

smb: \>
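An added example, not from the original article, that checks an smb.conf-style file for the share settings used in sections (4) and (5): guest access combined with write access, a write list that restricts nothing because writable = yes already lets every connected user write, admin users (who perform file operations on the share as root), and repeated keys such as the two valid users lines. The function names audit_smb_conf and write_sample_conf, the finding labels and the sample file are constructed for illustration.

```shell
# Added example: flag risky share settings in an smb.conf-style file.
# Output: one "<section> <FINDING>" line per issue (labels are this example's own).
audit_smb_conf() {
    awk '
    function trim(s)   { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function truthy(k) { return v[k] ~ /^(yes|true|1)$/ }
    function flush(   guest, rw) {
        # Logins with an unknown user name are silently mapped to guest.
        if (sec == "global" && v["map to guest"] == "bad user")
            print sec " GUEST_FALLBACK"
        if (sec != "" && sec != "global") {
            guest = truthy("guest ok") || truthy("public")
            rw = truthy("writable") || truthy("writeable") || v["read only"] ~ /^(no|false|0)$/
            if (guest && rw) print sec " GUEST_WRITABLE"
            if (rw && ("write list" in v)) print sec " WRITE_LIST_REDUNDANT"
            if ("admin users" in v) print sec " ADMIN_USERS=" v["admin users"]
        }
        split("", v)                      # portable way to empty the array
    }
    /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
    /^[ \t]*\[/ {                         # section header starts a new share
        flush()
        sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        next
    }
    index($0, "=") {
        k = tolower(trim(substr($0, 1, index($0, "=") - 1)))
        if (k in v) print sec " DUPLICATE_KEY=" k     # the later value wins
        v[k] = tolower(trim(substr($0, index($0, "=") + 1)))
    }
    END { flush() }
    ' "$1"
}

# Constructed sample modeled on the [TEST] share from sections (4) and (5).
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
map to guest = bad user
[TEST]
path = /westos
writable = yes
write list = @student
admin users = westos
guest ok = yes
[staff]
read only = yes
valid users = student
valid users = @student
write list = @student
EOF
}
```

To limit writes to the student group, the share has to be read only = yes with write list = @student, which is the form the constructed [staff] share uses and the audit accepts.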

 
