samba
Before starting the lab:
[[email protected] ~]# systemctl stop firewalld
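SMB file sharing
The Common Internet File System (CIFS), also known as Server Message Block (SMB), is the standard file and printer sharing system for Microsoft Windows servers and clients. The Samba service can share Linux file systems as CIFS/SMB network file shares and Linux printers as CIFS/SMB printer shares.
Components of the Samba service
1. Packages:
samba-common – Samba support files
samba-client – client applications
samba – server application
2. Service names: smb, nmb
3. Service ports: TCP/445 is normally used for all connections. UDP/137, UDP/138 and TCP/139 are also used for backward compatibility.
4. Main configuration file: /etc/samba/smb.conf
1) Installing the service: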
[[email protected] ~]# yum install samba samba-client.x86_64 samba-common -y
[[email protected] ~]# systemctl start smb nmb
[[email protected] ~]# systemctl enable smb nmb
2) Adding an SMB user
[[email protected] ~]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[[email protected] ~]# smbpasswd -a student ## add a Samba user
New SMB password:
Retype new SMB password:
Added user student.
[[email protected] ~]# smbclient -L //172.25.254.113
Enter root's password:
Connection to 172.25.254.113 failed (Error NT_STATUS_CONNECTION_REFUSED)
[[email protected] ~]# pdbedit -L ## list SMB user information
student:1000:Student User
[[email protected] ~]# setsebool -P samba_enable_home_dirs on ## SELinux setting that lets SMB users access their own home directories
Boolean enable_samba_home_dirs is not defined
[[email protected] ~]# getsebool -a | grep samba
[[email protected] ~]# smbpasswd -x student ## delete a Samba user
Test:
[[email protected] ~]# smbclient //172.25.254.113/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Thu Jul 10 18:19:09 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28503 blocks available
smb: \> quit
[[email protected] ~]#
3) Basic settings for a shared directory
[[email protected] ~]# vim /etc/samba/smb.conf
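[haha] ## the share
comment = local directory ## description of the share
path = /smbshare ## absolute path of the shared directory
workgroup = WESTOS ## change the workgroup name (optional; if you do change it, this is the place, line 89 of the file)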
[[email protected] ~]# systemctl restart smb.service
#### When the shared directory is one the user created
[[email protected] ~]# mkdir /smbshare ## a directory we create ourselves
[[email protected] ~]# touch /smbshare/westosha
[[email protected] ~]# semanage fcontext -a -t samba_share_t '/smbshare(/.*)?' ## make the security context consistent
[[email protected] ~]# restorecon -RvvF /smbshare ## refresh
context system_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /smbshare/westosha context system_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
Test:
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \> quit
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:25:33 2017
.. D 0 Sat Jun 3 14:25:16 2017
westosha N 0 Sat Jun 3 14:25:33 2017
10473900 blocks of size 1024. 7296000 blocks available
smb: \> quit
[[email protected] ~]# setsebool -P samba_enable_home_dirs 0
[[email protected] ~]# systemctl restart smb.service
[[email protected] ~]# cd /mnt
[[email protected] mnt]# ls
[[email protected]lhost mnt]# touch file{1..5}
[[email protected] mnt]# ls
file1 file2 file3 file4 file5
[[email protected] mnt]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
#### When the shared directory is a system-created directory
[[email protected] mnt]# setsebool -P samba_export_all_ro on ## read-only sharing
[[email protected] mnt]# systemctl restart smb.service
[[email protected] mnt]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> off ## read-write sharing
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[[email protected] smbshare]# vim /etc/samba/smb.conf
[haha]
comment = local directory
path = /mnt
[[email protected] smbshare]# systemctl restart smb.service
Test:
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7305632 blocks available
smb: \>
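4) Samba configuration parameters
After changing the configuration file, restart the service for the change to take effect: systemctl restart smb.service
vim /etc/samba/smb.conf
guest ok = yes ## allow anonymous (guest) access
map to guest = bad user
Test:
[[email protected] Desktop]# smbclient //172.25.254.113/haha
Enter kiosk's password: ## press Enter to skip, no password is needed; kiosk is not among the SMB users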
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7305624 blocks available
smb: \> quit
### Access control
1. hosts allow = ip ## allow only this IP
Test:
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7303804 blocks available
smb: \> quit
2. hosts deny = ip ## deny only this IP
Test:
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
3.
valid users = user ## users allowed to use this share
valid users = @westos or +westos ## the valid users for this share are the members of group westos
Test:
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U westos
Enter westos's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7303804 blocks available
smb: \> quit
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
[[email protected] smbshare]# usermod -G westos student
[[email protected] Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7303804 blocks available
smb: \> quit
### Read/write control
Writable by all users
[[email protected] smbshare]# chmod o+w /mnt
[[email protected] smbshare]# setsebool -P samba_export_all_rw on
[[email protected] smbshare]# vim /etc/samba/smb.conf
[haha]
comment = local directory
path = /mnt
writable = yes ## enable write access
admin users = westos ## allow user westos
[[email protected] smbshare]# systemctl restart smb.service
Test:
[[email protected] Desktop]# mount -o username=westos,password=westos //172.25.254.113/haha /mnt/
[[email protected] Desktop]# cd /mnt
[[email protected] mnt]# ls
file1 file2 file3 file4 file5
[[email protected] mnt]# touch file6
[[email protected] mnt]# ls
file1 file2 file3 file4 file5 file6
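Make the share writable only by specified users
write list = student ## user allowed to write
write list = +student ## group allowed to write
write list = @student
admin users = westos ## designates the share's superuser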
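An added example (not from the original post): a small awk check, wrapped in a shell function, that reads an smb.conf and flags the share settings this section turns on. The function name audit_smb_conf, the [locked] share and the 172.25.254. prefix are constructed for illustration; the ## annotations from the listings are left out because smb.conf only treats # or ; at the start of a line as a comment.

```shell
# Added example: flag smb.conf share settings that widen access (one line per finding).
audit_smb_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(k) { return (k in p) && tolower(p[k]) ~ /^(yes|true|1)$/ }
    function check() {                       # judge the section that just ended
      if (share == "") return
      if (share == "global") { if ("hosts allow" in p) ghosts = 1; return }
      if (on("guest ok")) print share ": guest ok = yes (no password needed)"
      if (on("writable") && !("write list" in p) && !("valid users" in p))
        print share ": writable with no valid users or write list"
      if ("admin users" in p)
        print share ": admin users = " p["admin users"] " (acts as root on the share)"
      if (!("hosts allow" in p)) nohosts[++n] = share
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comment or blank line
    /^[ \t]*\[/ {                            # [section] header
      check(); split("", p)
      share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*/, "", share)
      share = tolower(trim(share)); next
    }
    (i = index($0, "=")) {                   # key = value
      k = tolower(trim(substr($0, 1, i - 1))); gsub(/[ \t]+/, " ", k)
      if (k == "public") k = "guest ok"; if (k == "writeable") k = "writable"  # synonyms
      p[k] = trim(substr($0, i + 1))
    }
    END { check()
          if (!ghosts) for (j = 1; j <= n; j++) print nohosts[j] ": no hosts allow restriction" }
  ' "$1"
}

# Constructed sample: settings this lab applies to [haha], next to a tighter share.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[global]
    map to guest = bad user
[haha]
    path = /mnt
    guest ok = yes
    writable = yes
    admin users = westos
[locked]
    path = /smbshare
    valid users = @westos
    write list = student
    hosts allow = 172.25.254.
EOF
audit_smb_conf "$sample"
```

On a real server, the output of testparm -s (the effective configuration) is a better input for this check than the raw file.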
5) SMB multi-user mounts
On the client
[[email protected] mnt]# vim /root/haha
username=student
password=student
Test:
[[email protected] mnt]# chmod 600 /root/haha
[[email protected] mnt]# yum install cifs-utils -y
[[email protected] mnt]# mount -o credentials=/root/haha,multiuser,sec=ntlmssp //172.25.254.113/haha /mnt/
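#credentials=/root/haha ## the credentials file used at mount time
#multiuser ## support multi-user authentication
#sec=ntlmssp ## the authentication method is the standard SMB authentication method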
[[email protected] mnt]# ls
file
[[email protected] mnt]# su - kiosk
Last login: Sat Jun 3 16:43:08 CST 2017 on pts/5
[[email protected] ~]$ ls /mnt/
ls: cannot access /mnt/: Permission denied ## this user has not authenticated to SMB, so the share cannot be accessed
[[email protected] ~]$ cifscreds add -u westos 172.25.254.113
Password:
[[email protected] ~]$ ls /mnt
file
This article comes from the "AELY木" blog; please keep this attribution: http://12768057.blog.51cto.com/12758057/1933273