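Text in bold red is modified content; text in bold blue is content that needs special attention.
1) Host machine: Windows 8, 4 GB RAM
2) Virtualization software: VMware 9.0.1
3) Virtual machine: Fedora 18 under VMware, 1 GB RAM.
4) Reference articles: 详解Fedora Samba配置安装 (Fedora Samba installation and configuration explained), Setup Samba home share in Fedora 16, Linux系统中的Samba配置 (Samba configuration on Linux)
Reference: http://pathbreaker.blog.163.com/blog/static/189386457201218925662/
Contents
1. Installing Samba
2. Samba user mapping
3. Editing the Samba share configuration file
4. Testing the configuration file above for syntax errors
5. Adding an access password: add a system user such as andy to the Samba user database
6. Changing the access permissions of the shared directory andy
7. Related firewall configuration
8. Restarting Samba
9. Starting Samba at boot, set with the chkconfig command
10. Access test
11. Mapping a network drive
Prerequisite: log in with root privileges to configure Samba.
1. Installing Samba
First check whether Samba is installed: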
[root@localhost include]# rpm -qa|grep samba
samba-common-4.0.0-168.fc18.rc5.i686
samba-libs-4.0.0-168.fc18.rc5.i686
samba-common is already installed.
Next, install samba-client and samba:
[root@localhost include]# yum install samba samba-client
已加载插件:langpacks, presto, refresh-packagekit
解决依赖关系
--> 执行事务检查
---> 软件包 samba.i686.2.4.0.3-2.fc18 将被 安装
--> 处理依赖关系 samba-libs = 2:4.0.3-2.fc18,它被软件包 2:samba-4.0.3-2.fc18.i686 需要
........省略
--> 完成依赖关系计算
依赖关系解决
==================================================
Package 架构 版本 仓库 大小
==================================================
正在安装:
samba i686 2:4.0.3-2.fc18 updates 521 k
samba-client i686 2:4.0.3-2.fc18 updates 461 k
为依赖而更新:
libsmbclient i686 2:4.0.3-2.fc18 updates 109 k
libwbclient i686 2:4.0.3-2.fc18 updates 78 k
samba-common i686 2:4.0.3-2.fc18 updates 700 k
samba-libs i686 2:4.0.3-2.fc18 updates 4.2 M
事务概要
==================================================
安装 2 软件包
Upgrade ( 4 Dependent packages)
总下载量:6.0 M
确定吗?[y/N]:y
下载软件包:
Setting up and reading Presto delta metadata
Processing delta metadata
Download delta size: 1.5 M
(1/4): libsmbclient-4.0.0-16 | 63 kB 00:12
(2/4): libwbclient-4.0.0-168 | 58 kB 00:13
(3/4): samba-libs-4.0.0-168. | 820 kB 00:13
(4/4): samba-common-4.0.0-16 | 546 kB 00:19
Finishing rebuild of rpms, from deltarpms
<locally rebuilding deltar | 5.0 MB 00:07
Presto reduced the update size by 72% (from 5.0 M to 1.5 M).
(1/2): samba-client-4.0.3-2. | 461 kB 00:06
(2/2): samba-4.0.3-2.fc18.i6 | 521 kB 00:06
--------------------------------------------------
总计 142 kB/s | 982 kB 00:06
运行事务检查
执行事务测试
事务测试成功
执行事务
正在升级 : 2:libwbclient-4.0.3-2.fc1 1/10
..........省略
Verifying : 2:samba-libs-4.0.0-168.fc 10/10
已安装:
samba.i686 2:4.0.3-2.fc18
samba-client.i686 2:4.0.3-2.fc18
作为依赖被升级:
libsmbclient.i686 2:4.0.3-2.fc18
libwbclient.i686 2:4.0.3-2.fc18
samba-common.i686 2:4.0.3-2.fc18
samba-libs.i686 2:4.0.3-2.fc18
完毕!
[root@localhost include]# rpm -qa|grep samba
samba-common-4.0.3-2.fc18.i686
samba-libs-4.0.3-2.fc18.i686
samba-4.0.3-2.fc18.i686
samba-client-4.0.3-2.fc18.i686
[root@localhost include]#
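2. Samba user mapping
When sharing through the Samba service, passwords are stored on the Linux host; Windows users can access shared resources as a Samba user through that user's alias. Proceed as follows:
[root@localhost ~]# vi /etc/samba/smbusers
Go to line 2 and add the following: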
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin Administrator
andy = root
nobody = everyboy everyone guest pcguest smbguest
Save and exit.
3. Editing the Samba share configuration file
Proceed as follows:
[root@localhost ~]# vi /etc/samba/smb.conf
Add the following:
#======================= Global Settings =====================================
[global]
unix charset = UTF-8
dos charset = CP932
username map = /etc/samba/smbusers
... ...
Go to around line 89 and add the default Windows workgroup:
# hosts allow = the hosts allowed to connect. This option can also be used on a
# per-share basis.
# hosts deny = the hosts not allowed to connect. This option can also be used on
# a per-share basis.
#
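# set the workgroup
workgroup = WORKGROUP
server string = Samba Server Version %v
# NetBIOS name; not enabled by default
netbios name = fedora18
# which network interfaces Samba Server listens on; either the interface name or that interface's IP address may be given
;interfaces = lo eth0 192.168.0.2/24 192.168.12.2/24 192.168.13.2/24
# addresses allowed to connect; note that the addresses are separated by spaces
;hosts allow = 127. 192.168.1. 192.168.0. 192.168.12. 192.168.13.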
... ...
Go to around line 232 and add the following, mainly for setting up sharing across network segments in the future:
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.0.101 192.168.1.32
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.0.255
# --------------------------- Logging Options -----------------------------
#
# log file = specify where log files are written to and how they are split.
#
# max log size = specify the maximum size log files are allowed to reach. Log
# files are rotated when they reach the size specified with "max log size".
#
# log files split per-machine:
log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
max log size = 50
... ...
Go to line 128 and confirm the following default settings:
# security level: user requires a username and password, share level does not
security = user
passdb backend = tdbsam
... ...
Go to around line 289 and change it as follows:
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
# allow the share to be opened when browsing
browseable = yes
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok =no
writable = no
printable = yes
Then save and exit.
4. Testing the configuration file above for syntax errors
[root@localhost ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
ERROR: cache directory /var/cache/samba does not exist
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
dos charset = CP932
netbios name = FEDORA18
server string = Samba Server Version %v
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[root@localhost ~]#
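testparm only verifies syntax. The following added example (not part of the original article) checks an smb.conf for the access-control settings this walkthrough leaves inactive: hosts allow in [global], valid users = %S in [homes], and browseable in [homes]. The function names audit_smb_conf and article_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: report access-control gaps in smb.conf.
# Usage: audit_smb_conf FILE   (or pipe the file on stdin). No output = no finding.
audit_smb_conf() {
    awk '
    /^[ \t]*([#;]|$)/ { next }              # smb.conf comments (# or ;) and blank lines
    /^[ \t]*\[/ {                           # section header such as [global] or [homes]
        sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec); secs[sec] = 1; next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); val = tolower(substr($0, i + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[sec, key] = val                # only active (uncommented) settings land here
    }
    END {
        if (!(("global", "hosts allow") in seen))
            print "global: no active hosts allow, so any client address is accepted"
        if (seen["global", "security"] == "share")
            print "global: security = share asks for no username and password"
        if ("homes" in secs) {
            if (!(("homes", "valid users") in seen))
                print "homes: no active valid users, so any authenticated user can open the home share of another user"
            if (seen["homes", "browseable"] == "yes" || seen["homes", "browsable"] == "yes")
                print "homes: browseable = yes lists [homes] to every client"
        }
    }' "$@"
}

# Constructed sample: the active settings the article ends up with.
article_conf() {
    cat <<'EOF'
[global]
workgroup = WORKGROUP
security = user
; hosts allow = 127. 192.168.1. 192.168.0.
[homes]
comment = Home Directories
browseable = yes
writable = yes
; valid users = %S
EOF
}

article_conf | audit_smb_conf
```

Run against the real file with `audit_smb_conf /etc/samba/smb.conf`; uncommenting hosts allow and valid users = %S and setting browseable = no in [homes] clears all three findings.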
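5. Adding an access password: add a system user such as andy to the Samba user database
First look at the user andy, which already exists on Fedora 18. A Samba account is not the same thing as a Linux account, but the two are related: a Samba account is a separate record, yet the account must also exist in /etc/passwd. Put simply, for a user named andy to use Samba, andy must be present in /etc/passwd before he can log in. The commands below set the Samba account password for andy.
If you do not want to use this user, you can add a new Samba user with the useradd command.
[root@localhost ~]# cat /etc/passwd|grep andy # look up the user andy
andy:x:1000:1000:Andy:/home/andy:/bin/bash
[root@localhost ~]# pdbedit -a -u andy # set the Samba account password for andy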
new password:
retype new password:
Unix username: andy
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1640796670-3177451582-3269769160-1000
Primary Group SID: S-1-5-21-1640796670-3177451582-3269769160-513
Full Name: Andy
Home Directory: \\fedora18\andy
HomeDir Drive:
Logon Script:
Profile Path: \\fedora18\andy\profile
Domain: FEDORA18
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 三, 20 3月 2013 23:59:56 CST
Password can change: 三, 20 3月 2013 23:59:56 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost ~]#
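pdbedit takes many options; the main ones are listed here.
pdbedit -a username: create a Samba account.
pdbedit -x username: delete a Samba account.
pdbedit -L: list Samba users, read from the passdb.tdb database file.
pdbedit -Lv: list Samba users with full details.
pdbedit -c "[D]" -u username: suspend the Samba user's account.
pdbedit -c "[]" -u username: re-enable the Samba user's account.
The Samba account password above can also be set this way: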
[root@localhost ~]# smbpasswd -a andy
New SMB password:
Retype new SMB password:
[root@localhost ~]#
6. Changing the access permissions of the shared directory andy
[root@localhost ~]# ll /home
总用量 4
drwx------. 3 andy andy 4096 3月 20 20:25 andy
[root@localhost ~]# chmod 777 /home/andy # change the permissions of the andy directory
[root@localhost ~]# ll /home
总用量 4
drwxrwxrwx. 3 andy andy 4096 3月 20 20:25 andy
[root@localhost ~]# gpasswd -a andy root # add the user andy to the root group
正在将用户“andy”加入到“root”组中
[root@localhost ~]#
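7. Related firewall configuration
To make the Samba share setup go smoothly, SELinux had already been disabled on this machine beforehand, as shown: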
[root@localhost jack]# sestatus
SELinux status: disabled
[root@localhost jack]#
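Because Fedora 18 uses SELinux for security control, Samba operation is constrained by three things: the Samba settings, SELinux security control, and basic Linux permissions. The default SELinux state on a freshly installed Fedora system is as follows: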
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@localhost ~]#
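If the SELinux status is enabled, run the following commands so that SELinux lets Samba access the data:
For sharing the default Samba (home) directories; if you do not use them, this command is not needed.
[root@localhost ~]# setsebool -P samba_enable_home_dirs on
Make all directories shared by Samba writable:
[root@localhost ~]# setsebool -P samba_export_all_rw on
If you share a directory with a custom name, set it up with the following command:
chcon -R -t samba_share_t <local directory name>
SELinux is disabled as follows:
[root@localhost ~]# vi /etc/selinux/config
Go to line 6 and change it as follows: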
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
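Remember that the machine must be rebooted after this change for it to take effect. If you do not want to reboot, use the command setenforce 0. To turn SELinux off:
change SELINUX="" in /etc/selinux/config to disabled, then reboot.
Notes:
setenforce 1 puts SELinux into enforcing mode
setenforce 0 puts SELinux into permissive mode
Adding selinux=0 to the boot parameters in lilo or grub also turns SELinux off
Source for details: http://www.itqun.net/content-detail/242970.html
8. Restarting Samba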
[root@localhost ~]# service smb restart
Redirecting to /bin/systemctl restart smb.service
[root@localhost ~]# service nmb restart
Redirecting to /bin/systemctl restart nmb.service
[root@localhost ~]#
9. Starting Samba at boot, set with the chkconfig command
[root@localhost ~]# chkconfig smb on
注意:正在将请求转发到“systemctl enable smb.service”。
ln -s '/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@localhost ~]# chkconfig nmb on
注意:正在将请求转发到“systemctl enable nmb.service”。
ln -s '/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
10. Access test from Linux
Command format: smbclient -L [//host or IP] [-U user account]
<1> Accessing the local machine from Linux
[root@localhost ~]# smbclient -L 192.168.0.101 -U andy
Enter andy's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.3]
Sharename Type Comment
--------- ---- -------
homes Disk Home Directories
IPC$ IPC IPC Service (Samba Server Version 4.0.3)
andy Disk Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.0.3]
Server Comment
--------- -------
FEDORA18 Samba Server Version 4.0.3
Workgroup Master
--------- -------
WORKGROUP FEDORA18
[root@localhost ~]#
<2> Share access setup in Windows 8
At this point the iptables rules on Fedora 18 need to be cleared, as follows:
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -X
[root@localhost ~]# iptables -Z
[root@localhost ~]#
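Remember to save as well. First edit iptables-config, otherwise the rules cannot be saved while the firewall is in the disabled state:
[root@localhost ~]# vim /etc/sysconfig/iptables-config
Go to around line 19 and change the default no to yes: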
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"
# Save current firewall rules on restart.
Then save and exit, and run the following command to save:
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.16.2 on Thu Mar 21 00:32:39 2013
*nat
:PREROUTING ACCEPT [14:1251]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_direct - [0:0]
:POST_ZONE_external - [0:0]
:POST_ZONE_external_allow - [0:0]
:POST_ZONE_external_deny - [0:0]
:POST_ZONE_public - [0:0]
:POST_ZONE_public_allow - [0:0]
:POST_ZONE_public_deny - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_ZONE_public - [0:0]
:PRE_ZONE_public_allow - [0:0]
:PRE_ZONE_public_deny - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o eth0 -j POST_ZONE_public
-A POST_ZONE_external -j POST_ZONE_external_deny
-A POST_ZONE_external -j POST_ZONE_external_allow
-A POST_ZONE_external_allow -j MASQUERADE
-A POST_ZONE_public -j POST_ZONE_public_deny
-A POST_ZONE_public -j POST_ZONE_public_allow
-A PREROUTING_ZONES -i eth0 -j PRE_ZONE_public
-A PRE_ZONE_public -j PRE_ZONE_public_deny
-A PRE_ZONE_public -j PRE_ZONE_public_allow
COMMIT
# Completed on Thu Mar 21 00:32:39 2013
# Generated by iptables-save v1.4.16.2 on Thu Mar 21 00:32:39 2013
*mangle
:PREROUTING ACCEPT [14:1251]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_ZONE_public - [0:0]
:PRE_ZONE_public_allow - [0:0]
:PRE_ZONE_public_deny - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i eth0 -j PRE_ZONE_public
-A PRE_ZONE_public -j PRE_ZONE_public_deny
-A PRE_ZONE_public -j PRE_ZONE_public_allow
COMMIT
# Completed on Thu Mar 21 00:32:39 2013
# Generated by iptables-save v1.4.16.2 on Thu Mar 21 00:32:39 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Mar 21 00:32:39 2013
[root@localhost ~]#
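Access test again
In the Windows address bar, enter again: \\192.168.0.101\andy
After entering the username and password in the login dialog, the shared Linux directory is visible.
Note that the login username can be any of the usernames mapped in the smbusers file.
11. Mapping a network drive
The share can of course also be mapped to a local drive.
Right-click the computer in the figure above -> Map network drive; the settings dialog pops up, as in the figure below.
Enter the address of the shared Linux directory in the "Folder" field and click Finish.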