紅色粗字體字爲修改後內容,藍色粗體字爲特別注意內容
1,宿主機:windows 8 ,4G內存
2,虛擬機:VMware 9.0.1
3,虛擬主機:VMware下Fedora 18,1G內存。
4,參考文章:
參考文章:詳解Fedora Samba配置安裝,Setup Samba home share in Fedora 16,Linux系統中的Samba配置
參考:http://pathbreaker.blog.163.com/blog/static/189386457201218925662/
目錄
一、samba安裝
二、samba用戶映射
三、修改samba共享配置文件
四、測試上面的配置文件是否有語法錯誤
五、添加訪問密碼將系統用戶例如andy加入到 Samba 用戶數據庫
六、修改共享目錄andy的訪問權限
七、有關的防火牆配置
八、重啓samba
九、設置Samba自啓動,通過chkconfig命令進行設置
十、訪問測試
十一、映射網絡驅動器
前提:配置samba ,以root權限登錄
一、samba安裝
首先查看samba是否安裝
[root@localhost include]# rpm -qa|grep samba
samba-common-4.0.0-168.fc18.rc5.i686
samba-libs-4.0.0-168.fc18.rc5.i686
已經安裝samba-common
再安裝samba-client samba
[root@localhost include]# yum install samba samba-client
已加載插件:langpacks, presto, refresh-packagekit
解決依賴關係
--> 執行事務檢查
---> 軟件包 samba.i686.2.4.0.3-2.fc18 將被 安裝
--> 處理依賴關係 samba-libs = 2:4.0.3-2.fc18,它被軟件包 2:samba-4.0.3-2.fc18.i686 需要
........省略
--> 完成依賴關係計算
依賴關係解決
==================================================
Package 架構 版本 倉庫 大小
==================================================
正在安裝:
samba i686 2:4.0.3-2.fc18 updates 521 k
samba-client i686 2:4.0.3-2.fc18 updates 461 k
爲依賴而更新:
libsmbclient i686 2:4.0.3-2.fc18 updates 109 k
libwbclient i686 2:4.0.3-2.fc18 updates 78 k
samba-common i686 2:4.0.3-2.fc18 updates 700 k
samba-libs i686 2:4.0.3-2.fc18 updates 4.2 M
事務概要
==================================================
安裝 2 軟件包
Upgrade ( 4 Dependent packages)
總下載量:6.0 M
確定嗎?[y/N]:y
下載軟件包:
Setting up and reading Presto delta metadata
Processing delta metadata
Download delta size: 1.5 M
(1/4): libsmbclient-4.0.0-16 | 63 kB 00:12
(2/4): libwbclient-4.0.0-168 | 58 kB 00:13
(3/4): samba-libs-4.0.0-168. | 820 kB 00:13
(4/4): samba-common-4.0.0-16 | 546 kB 00:19
Finishing rebuild of rpms, from deltarpms
<locally rebuilding deltar | 5.0 MB 00:07
Presto reduced the update size by 72% (from 5.0 M to 1.5 M).
(1/2): samba-client-4.0.3-2. | 461 kB 00:06
(2/2): samba-4.0.3-2.fc18.i6 | 521 kB 00:06
--------------------------------------------------
總計 142 kB/s | 982 kB 00:06
運行事務檢查
執行事務測試
事務測試成功
執行事務
正在升級 : 2:libwbclient-4.0.3-2.fc1 1/10
..........省略
Verifying : 2:samba-libs-4.0.0-168.fc 10/10
已安裝:
samba.i686 2:4.0.3-2.fc18
samba-client.i686 2:4.0.3-2.fc18
作爲依賴被升級:
libsmbclient.i686 2:4.0.3-2.fc18
libwbclient.i686 2:4.0.3-2.fc18
samba-common.i686 2:4.0.3-2.fc18
samba-libs.i686 2:4.0.3-2.fc18
完畢!
[root@localhost include]# rpm -qa|grep sambasamba-common-4.0.3-2.fc18.i686
samba-libs-4.0.3-2.fc18.i686
samba-4.0.3-2.fc18.i686
samba-client-4.0.3-2.fc18.i686
[root@localhost include]#
二、samba用戶映射
在samba服務共享時,密碼是保存在linux 主機中的,windows用戶可以通過samba用戶的別名作爲samba用戶訪問共享資源。操作如下:
[root@localhost ~]# vi /etc/samba/smbusers
定位到第2行,加入下面代碼:
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin Administrator
andy = root
nobody = everyboy everyone guest pcguest smbguest
保存退出。
三、修改samba共享配置文件
操作如下:
[root@localhost ~]# vi /etc/samba/smb.conf
加入如下面代碼
#======================= Global Settings =====================================
[global]
unix charset = UTF-8
dos charset = CP932
username map = /etc/samba/smbusers
... ...
定位到89行附近,加入window 默認的工作組
# hosts allow = the hosts allowed to connect. This option can also be used on a
# per-share basis.
# hosts deny = the hosts not allowed to connect. This option can also be used on
# a per-share basis.
#
workgroup = WORKGROUP //設置工作組
server string = Samba Server Version %v
netbios name = fedora18 //netbios名字,默認沒有啓用
;interfaces = lo eth0 192.168.0.2/24 192.168.12.2/24 192.168.13.2/24 //設置Samba Server監聽哪些網卡,可以寫網卡名,也可以寫該網卡的IP地址
;hosts allow = 127. 192.168.1. 192.168.0. 192.168.12. 192.168.13. //允許訪問的地址,注意各地址之間有空格
... ...
定位到第232行附近,加入如下代碼,主要是爲將來設置跨網段共享時用
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.0.101 192.168.1.32
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.0.255
# --------------------------- Logging Options -----------------------------
#
# log file = specify where log files are written to and how they are split.
#
# max log size = specify the maximum size log files are allowed to reach. Log
# files are rotated when they reach the size specified with "max log size".
#
# log files split per-machine:
log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
max log size = 50
... ...
定位到128行,確認如下默認設置:
security = user //安全級別,user需要用戶名和密碼,share級別則不要
passdb backend = tdbsam
... ...
定位到289行附近,修改如下:
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = yes //允許在瀏覽器中打開
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok =no
writable = no
printable = yes
然後保存退出。
四、測試上面的配置文件是否有語法錯誤
[root@localhost ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
ERROR: cache directory /var/cache/samba does not exist
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
dos charset = CP932
netbios name = FEDORA18
server string = Samba Server Version %v
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[root@localhost ~]#
五、添加訪問密碼將系統用戶例如andy加入到 Samba 用戶數據庫
先查看Fedor18已經存在的用戶andy,samba賬號與Linux賬號是不一樣的,但有一定的相關性,samba賬號是一個獨立的資料單位,其賬號必須在/etc/passwd裏面纔可以,簡單來說,如果讓叫andy的用戶使用samba,這個andy也必須在/etc/passwd裏面纔可以登入, 可以採用下面命令設定andy的samba賬號密碼
如果不想使用此用戶可以用useradd命令添加新的samba用戶
[root@localhost ~]# cat /etc/passwd|grep andy //查看andu用戶
andy:x:1000:1000:Andy:/home/andy:/bin/bash
[root@localhost ~]# pdbedit -a -u andy //設定andy的samba賬號密碼
new password:
retype new password:
Unix username: andy
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1640796670-3177451582-3269769160-1000
Primary Group SID: S-1-5-21-1640796670-3177451582-3269769160-513
Full Name: Andy
Home Directory: \\fedora18\andy
HomeDir Drive:
Logon Script:
Profile Path: \\fedora18\andy\profile
Domain: FEDORA18
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 三, 20 3月 2013 23:59:56 CST
Password can change: 三, 20 3月 2013 23:59:56 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost ~]#
pdbedit命令的參數很多,這裏列出幾個主要的。
pdbedit –a username:新建Samba賬戶。
pdbedit –x username:刪除Samba賬戶。
pdbedit –L:列出Samba用戶列表,讀取passdb.tdb數據庫文件。
pdbedit –Lv:列出Samba用戶列表的詳細信息。
pdbedit –c “[D]” –u username:暫停該Samba用戶的賬號。
pdbedit –c “[]” –u username:恢復該Samba用戶的賬號。
上面samba賬號的密碼也可以採用下面方式設定
[root@localhost ~]# smbpasswd -a andy
New SMB password:
Retype new SMB password:
[root@localhost ~]#
六、修改共享目錄andy的訪問權限
[root@localhost ~]# ll /home
總用量 4
drwx------. 3 andy andy 4096 3月 20 20:25 andy
[root@localhost ~]# chmod 777 /home/andy //修改andy 文件夾權限
[root@localhost ~]# ll /home
總用量 4
drwxrwxrwx. 3 andy andy 4096 3月 20 20:25 andy
[root@localhost ~]# gpasswd -a andy root //將用戶andy加入到root組
正在將用戶“andy”加入到“root”組中
[root@localhost ~]#
七、有關的防火牆配置
爲了使samba共享設置順利進行,本機之前已經關閉了SELinux,如下:
[root@localhost jack]# sestatus
SELinux status: disabled
[root@localhost jack]#
因爲Fedora 18是由SELinux作爲安全控管,所以samba的運行受到“samba設定”、“SELinux安全控管”和“Linux基本權限設定”這三種條件約束,Fedora 系統在安裝時SELinux安全控管的預設定如下:
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@localhost ~]#
如果SELinux的狀態時enabled,需要加入如下指令使SELinux對samba資料放行:
使用Samba默認的目錄,如果不使用此目錄,可不必運行。
[root@localhost ~]# setsebool -P samba_enable_home_dirs on
使Samba所有的共享目錄有可寫功能
[root@localhost ~]# setsebool -P samba_export_rw on
如果是共享自定義的目錄名,可以用如下指令設置:
chcon -R -t samba_share_t 本地目錄名
禁用SELinux是通過如下方式進行的:
[root@localhost ~]# vi /etc/selinux/config
定位到第6行,修改如下:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
還有記得設置之後要重啓計算機才能生效。如果不想重啓系統,使用命令setenforce 0 下面是關閉SELINUX的方法:
修改/etc/selinux/config文件中的SELINUX="" 爲 disabled ,然後重啓。
注:
setenforce 1 設置SELinux 成爲enforcing模式
setenforce 0 設置SELinux 成爲permissive模式
在lilo或者grub的啓動參數中增加:selinux=0,也可以關閉selinux
詳細出處參考:http://www.itqun.net/content-detail/242970.html
八、重啓samba
[root@localhost ~]# service smb restart
Redirecting to /bin/systemctl restart smb.service
[root@localhost ~]# service nmb restart
Redirecting to /bin/systemctl restart nmb.service
[root@localhost ~]#
九、設置Samba自啓動,通過chkconfig命令進行設置
[root@localhost ~]# chkconfig smb on
注意:正在將請求轉發到“systemctl enable smb.service”。
ln -s '/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@localhost ~]# chkconfig nmb on
注意:正在將請求轉發到“systemctl enable nmb.service”。
ln -s '/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
十、Linux下訪問測試
命令格式smbclient –L [//主機或IP] [-U 用戶賬號]
<1>Linux下訪問本機
[root@localhost ~]# smbclient -L 192.168.0.101 -U andy
Enter andy's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.3]
Sharename Type Comment
--------- ---- -------
homes Disk Home Directories
IPC$ IPC IPC Service (Samba Server Version 4.0.3)
andy Disk Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.3]
Server Comment
--------- -------
FEDORA18 Samba Server Version 4.0.3
Workgroup Master
--------- -------
WORKGROUP FEDORA18
[root@localhost ~]#
<2>在win8中共享訪問設置
這時需要清除Fedora 18 的iptable規則,如下:
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -X
[root@localhost ~]# iptables -Z
[root@localhost ~]#
還要記得保存,先要修改iptables-config,否則無法在防火牆爲disabled狀態下保存:
[root@localhost ~]# vim /etc/sysconfig/iptables-config
定位到第19行附近,經默認的no改成yes
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"
# Save current firewall rules on restart.
然後保存退出,再執行下面指令保存
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.16.2 on Thu Mar 21 00:32:39 2013
*nat
:PREROUTING ACCEPT [14:1251]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_direct - [0:0]
:POST_ZONE_external - [0:0]
:POST_ZONE_external_allow - [0:0]
:POST_ZONE_external_deny - [0:0]
:POST_ZONE_public - [0:0]
:POST_ZONE_public_allow - [0:0]
:POST_ZONE_public_deny - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_ZONE_public - [0:0]
:PRE_ZONE_public_allow - [0:0]
:PRE_ZONE_public_deny - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o eth0 -j POST_ZONE_public
-A POST_ZONE_external -j POST_ZONE_external_deny
-A POST_ZONE_external -j POST_ZONE_external_allow
-A POST_ZONE_external_allow -j MASQUERADE
-A POST_ZONE_public -j POST_ZONE_public_deny
-A POST_ZONE_public -j POST_ZONE_public_allow
-A PREROUTING_ZONES -i eth0 -j PRE_ZONE_public
-A PRE_ZONE_public -j PRE_ZONE_public_deny
-A PRE_ZONE_public -j PRE_ZONE_public_allow
COMMIT
# Completed on Thu Mar 21 00:32:39 2013
# Generated by iptables-save v1.4.16.2 on Thu Mar 21 00:32:39 2013
*mangle
:PREROUTING ACCEPT [14:1251]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_ZONE_public - [0:0]
:PRE_ZONE_public_allow - [0:0]
:PRE_ZONE_public_deny - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i eth0 -j PRE_ZONE_public
-A PRE_ZONE_public -j PRE_ZONE_public_deny
-A PRE_ZONE_public -j PRE_ZONE_public_allow
COMMIT
# Completed on Thu Mar 21 00:32:39 2013
# Generated by iptables-save v1.4.16.2 on Thu Mar 21 00:32:39 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Mar 21 00:32:39 2013
[root@localhost ~]#
再次訪問測試
重新在windows的地址欄輸入:\\192.168.0.101\andy
在登錄框中輸入用戶名和密碼後就可以看到linux的共享目錄了
注意,登錄的用戶名可以是smbusers文件中映射的所有用戶名。
十一、映射網絡驅動器
當然還可以將其映射到本地驅動器上
在上圖中的計算機上右鍵->映射網絡驅動器,彈出設置對話框,如下圖
在“文件夾”欄中輸入共享的linux目錄地址,點擊完成即可。