Samba Sharing and Basic Usage

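Samba is free software that implements the SMB protocol on Linux and UNIX systems; it consists of server and client programs. As Linux has become widespread, how to share files from Linux has become a concern for users. In fact, almost every Linux distribution ships a good tool for this, Samba, which makes file sharing easy.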

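The Common Internet File System (CIFS), also known as Server Message Block (SMB), is the standard file and printer sharing system for Microsoft Windows servers and clients.
The Samba service can share Linux file systems as CIFS/SMB network file shares, and Linux printers as CIFS/SMB printer shares.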
[root@server ~]# is the server
[root@client ~]# is the client

Installing and starting the service

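First reset the two virtual machines; as usual, add 100 and 200 to their IPs respectively, then configure the yum repository.
CIFS file storage (for Windows users)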
The Samba service
[root@server ~]# yum search samba            ## on the server, look up the packages the Samba service needs
Loaded plugins: langpacks
rhel_dvd                                                 | 4.1 kB     00:00     
(1/2): rhel_dvd/group_gz                                   | 134 kB   00:00     
(2/2): rhel_dvd/primary_db                                 | 3.4 MB   00:00     
============================== N/S matched: samba ==============================
samba-client.x86_64 : Samba client programs           ## client programs
samba-common.x86_64 : Files used by both Samba servers and clients   ## Samba support files
samba-libs.i686 : Samba libraries
samba-libs.x86_64 : Samba libraries
samba-python.x86_64 : Samba Python libraries
samba-winbind.x86_64 : Samba winbind
samba-winbind-modules.i686 : Samba winbind modules
samba-winbind-modules.x86_64 : Samba winbind modules
samba.x86_64 : Server and Client software to interoperate with Windows machines ## server programs

  Name and summary matches only, use "search all" for everything.

[root@server ~]# yum install samba.x86_64 samba-client.x86_64 samba-common.x86_64 -y
Loaded plugins: langpacks
Package samba-common-4.1.1-31.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.1.1-31.el7 will be installed
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch          Version                Repository       Size
================================================================================
Installing:
 samba               x86_64        4.1.1-31.el7           rhel_dvd        527 k
 samba-client        x86_64        4.1.1-31.el7           rhel_dvd        513 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 1.0 M
Installed size: 2.9 M
Downloading packages:
(1/2): samba-4.1.1-31.el7.x86_64.rpm                       | 527 kB   00:00     
(2/2): samba-client-4.1.1-31.el7.x86_64.rpm                | 513 kB   00:00     
--------------------------------------------------------------------------------
Total                                              1.4 MB/s | 1.0 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : samba-4.1.1-31.el7.x86_64                                    1/2 
  Installing : samba-client-4.1.1-31.el7.x86_64                             2/2 
  Verifying  : samba-client-4.1.1-31.el7.x86_64                             1/2 
  Verifying  : samba-4.1.1-31.el7.x86_64                                    2/2 

Installed:
  samba.x86_64 0:4.1.1-31.el7         samba-client.x86_64 0:4.1.1-31.el7        

Complete!
[root@server ~]# systemctl start smb
[root@server ~]# systemctl enable smb.service 
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@server ~]# systemctl stop firewalld.service 
[root@server ~]# systemctl disable firewalld
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'

Sharing uses ports 139 and 445.

Check which ports the smb service listens on
[root@server ~]# netstat -antlupe | grep smb
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          80016      3887/smbd           
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          80017      3887/smbd           
tcp6       0      0 :::445                  :::*                    LISTEN      0          80014      3887/smbd           
tcp6       0      0 :::139                  :::*                    LISTEN      0          80015      3887/smbd 

To access the Samba service, a client needs the samba-client package installed.

[root@client ~]# yum install samba-client.x86_64 -y



Anonymous access succeeds
[root@client ~]# smbclient -L //172.25.254.236
Enter root's password:              ## just press Enter
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

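Adding smb users

An smb user must be a local user.
Add the users student and westos.

  1. Common smbpasswd options
    -a username: add the user as a Samba user
    -d username: disable Samba user username
    -e username: enable Samba user username
    -x username: delete Samba user username

  2. Common pdbedit options
    -a username: create a Samba account.
    -x username: delete a Samba account.
    -L: list Samba users, reading the passdb.tdb database file.
    -Lv: list Samba users in detail.
    -c "[D]" -u username: suspend the Samba user's account.
    -c "[]" -u username: re-enable the Samba user's account.

Add users on the server; they must be users that actually exist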
[root@server ~]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@server ~]# smbpasswd -a student
New SMB password:
Retype new SMB password:
Added user student.                 ## added successfully
[root@server ~]# id westos
id: westos: no such user
[root@server ~]# smbpasswd -a westos
New SMB password:
Retype new SMB password:
Failed to add entry for user westos.             ## the user does not exist, so adding fails
[root@server ~]# useradd westos                  ## create westos
[root@server ~]# smbpasswd -a westos
New SMB password:
Retype new SMB password:
Added user westos.
[root@server ~]# pdbedit -L                      ## list users
student:1000:Student User
westos:1001:
[root@server ~]# pdbedit -x student              ## delete a user
[root@server ~]# pdbedit -L
westos:1001:
[root@server ~]# smbpasswd -a student
New SMB password:
Retype new SMB password:
Added user student.
Log in as a user from the client
[root@client ~]# smbclient -L //172.25.254.236 -U student   
Enter student's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
    student         Disk      Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

Access the share
[root@client ~]# smbclient //172.25.254.236/student -U student
Enter student's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*   ## access denied
smb: \> 

smbclient (options) (arguments)
-L: list all resources shared by the server
-U <username>: specify the user name

The access failure may be a denial by SELinux

[root@server ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off     ## this boolean allows local Linux home directories to be exported to other systems as CIFS file shares
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@server ~]# setsebool -P samba_enable_home_dirs on
Now access the share from the client
[root@client ~]# smbclient //172.25.254.236/student -U student
Enter student's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
  .                                   D        0  Thu Jul 10 19:06:52 2014
  ..                                  D        0  Thu Jun  7 03:08:10 2018
  .bash_logout                        H       18  Wed Jan 29 07:45:18 2014
  .bash_profile                       H      193  Wed Jan 29 07:45:18 2014
  .bashrc                             H      231  Wed Jan 29 07:45:18 2014
  .ssh                               DH        0  Thu Jul 10 18:19:10 2014
  .config                            DH        0  Thu Jul 10 19:06:53 2014

        40913 blocks of size 262144. 28595 blocks available
smb: \> 
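The listing now works

Uploading files

Only files in the current local directory can be uploaded.
Uploaded files land in the home directory of user student on the server.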

[root@client ~]# pwd
/root                                      ## you can upload from whichever directory you are in
[root@client ~]# ls
anaconda-ks.cfg  Documents  Music     Public     Videos
Desktop          Downloads  Pictures  Templates
[root@client ~]# cd /etc/                 ## first enter the directory that holds the file you want to upload
[root@client etc]# smbclient //172.25.254.236/student -U student
Enter student's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> !ls                             ## !ls lists the local directory
abrt             hostname          profile.d
adjtime          hosts             protocols
aliases          hosts.allow           pulse
(output omitted)
host.conf        profile           yum.repos.d
smb: \> put passwd                            ## the upload works
putting file passwd as \passwd (65.3 kb/s) (average 65.3 kb/s)
smb: \> 
The file is uploaded to the user's home directory on the server
[root@server ~]# cd /home/student/
[root@server student]# ls
passwd

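Note: when logged in this way, you cannot create new files, directories and so on!

Mounting a CIFS share (client)

Manual mount (not recommended)

[root@client ~]# cd /mnt/           ## mounted like this, the share behaves like a disk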
[root@client mnt]# ls
passwd
[root@client mnt]# touch file {1..10}
[root@client mnt]# ls
1  10  2  3  4  5  6  7  8  9  file  passwd
[root@client mnt]# rm -rf file {1..10}
[root@client mnt]# ls
passwd


[root@server ~]# cd /home/student/
[root@server student]# ls
passwd
[root@server student]# ls
file1  file10  file2  file3  file4  file5  file6  file7  file8  file9  passwd
[root@server student]# ls
passwd

[root@client mnt]# umount /mnt/
umount: /mnt: target is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
[root@client mnt]# cd
[root@client ~]# umount /mnt/
Automatic mount; not really recommended, because it requires host 236 to be up
[root@client ~]# vim /etc/fstab 
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 /                       xfs     defaults        1 1
/dev/vg0/vo     /home   ext4    defaults        0 0
//172.25.254.236/student /mnt cifs defaults,username=student,password=123 0 0     ## the mount entry

[root@client ~]# mount -a
[root@client ~]# df
Filesystem               1K-blocks    Used Available Use% Mounted on
/dev/vda1                 10473900 3181836   7292064  31% /
devtmpfs                    469344       0    469344   0% /dev
tmpfs                       484932     140    484792   1% /dev/shm
tmpfs                       484932   12768    472164   3% /run
tmpfs                       484932       0    484932   0% /sys/fs/cgroup
/dev/mapper/vg0-vo          483670    2339    451840   1% /home
//172.25.254.236/student  10473900 3159120   7314780  31% /mnt    ## mounted successfully

Mounting from a script

[root@client ~]# vim /etc/rc.d/rc.local
ab_script}
#    chmod 755 ${lab_script}
#fi

touch /var/lock/subsys/local
mount -o username=student,password=123 //172.25.254.236/student /mnt     ## mount from the script
[root@client ~]# chmod +x /etc/rc.d/rc.local        ## make the script executable
[root@client ~]# reboot
Connection to 172.25.254.136 closed by remote host.
Connection to 172.25.254.136 closed.
[kiosk@foundation63 Desktop]$ ssh root@172.25.254.136
root@172.25.254.136's password: 
Last login: Thu Jun  7 02:38:51 2018 from 172.25.254.63
[root@client ~]# df
Filesystem               1K-blocks    Used Available Use% Mounted on
/dev/vda1                 10473900 3180972   7292928  31% /
devtmpfs                    469344       0    469344   0% /dev
tmpfs                       484932      80    484852   1% /dev/shm
tmpfs                       484932   12756    472176   3% /run
tmpfs                       484932       0    484932   0% /sys/fs/cgroup
/dev/mapper/vg0-vo          483670    2339    451840   1% /home
//172.25.254.236/student  10473900 3159288   7314612  31% /mnt    ## mounted automatically at boot
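
An added example, not part of the original post: /etc/fstab is normally world-readable, so the password=123 entry above is visible to every local user, while the credentials= form used later on this page keeps it in a separate file. The function below reports cifs entries with an inline password or a credentials file that others can read; the sample fstab, /srv/dir and the temporary paths are constructed for the demo.

```shell
#!/bin/sh
# Audit cifs entries in an fstab-style file for exposed credentials.
# Prints one finding per cifs entry:
#   INLINE_PASSWORD <mountpoint>    password= sits in the options field
#   CREDFILE_MISSING <path>         credentials= file does not exist
#   CREDFILE_LOOSE <path> <mode>    credentials file has group/other permission bits
#   OK <mountpoint>
cifs_mount_audit() {
    awk '$1 !~ /^#/ && $3 == "cifs" { print $2, $4 }' "$1" |
    while read -r mnt opts; do
        cred="" inline=""
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                password=*|pass=*)    inline=yes ;;
                credentials=*|cred=*) cred=${o#*=} ;;
            esac
        done
        IFS=$old_ifs
        if [ -n "$inline" ]; then
            echo "INLINE_PASSWORD $mnt"
        elif [ -z "$cred" ]; then
            echo "OK $mnt"
        elif [ ! -f "$cred" ]; then
            echo "CREDFILE_MISSING $cred"
        else
            # First ten characters of ls -l: file type plus rwx bits.
            mode=$(ls -ld -- "$cred" | cut -c1-10)
            case $mode in
                ????------) echo "OK $mnt" ;;
                *)          echo "CREDFILE_LOOSE $cred $mode" ;;
            esac
        fi
    done
}

# Constructed sample: the fstab line from this page plus a credentials= variant.
# /srv/dir and the temporary directory are assumptions made for the demo.
cifs_mount_audit_demo() {
    d=$(mktemp -d)
    printf 'username=student\npassword=123\n' > "$d/smbpass"
    chmod 644 "$d/smbpass"                      # too open: any local user can read it
    cat > "$d/fstab" <<EOF
//172.25.254.236/student /mnt cifs defaults,username=student,password=123 0 0
//172.25.254.236/DIR /srv/dir cifs credentials=$d/smbpass,sec=ntlmssp,multiuser 0 0
EOF
    cifs_mount_audit "$d/fstab"
    chmod 600 "$d/smbpass"                      # owner-only
    cifs_mount_audit "$d/fstab"
    rm -rf "$d"
}

cifs_mount_audit_demo
```

On a real client, run cifs_mount_audit /etc/fstab; the rc.local mount line carries the same inline password and needs the same change.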

Basic Samba configuration

Changing the domain name

[root@client ~]# smbclient -L //172.25.254.236
Enter root's password: 
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]      ## the domain is currently Domain=[MYGROUP]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------


On the server
[root@server student]# vim /etc/samba/smb.conf 
# can set it to SMB2 if you want experimental SMB2 support.
#
        workgroup = WESTOS                ## add this line

[root@server student]# systemctl restart smb.service   ## restart the service


[root@client ~]# smbclient -L //172.25.254.236
Enter root's password: 
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]     ## the domain has now changed to Domain=[WESTOS]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

Configuring blacklists and whitelists

Whitelist: only 136 is allowed to log in
[root@server ~]# vim /etc/samba/smb.conf   ## add line 98
[root@server ~]# cat /etc/samba/smb.conf | head -n 98 | tail -n 1
    hosts allow = 172.25.254.136
[root@server ~]# systemctl restart smb.service
Blacklist: only 136 is not allowed to log in
[root@server student]# vim /etc/samba/smb.conf  ## modify line 98
[root@server ~]# cat /etc/samba/smb.conf | head -n 98 | tail -n 1
    hosts deny = 172.25.254.136
[root@server student]# systemctl restart smb

Configuring shared directories

Sharing a non-system directory

[root@server ~]# mkdir /westos
[root@server ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?'
[root@server ~]# semanage fcontext -l | grep /westos
/westos(/.*)?                                      all files          system_u:object_r:samba_share_t:s0 
[root@server ~]# restorecon -FvvR /westos/
restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@server ~]# vim /etc/samba/smb.conf    
[root@server ~]# cat /etc/samba/smb.conf | tail -n 3   ## the added content
    [DIR]                       ## share name
    comment = westos dir        ## description of the shared directory
    path = /westos              ## absolute path of the shared directory
[root@server ~]# cat /etc/samba/smb.conf | head -n 98 | tail -n 1 ## the modified content
    hosts allow = 172.25.254.136/24
[root@server ~]# touch /westos/file
[root@server ~]# ls /westos/
file
[root@server ~]# systemctl restart smb.service

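Sharing a system directory

[root@server ~]# vim /etc/samba/smb.conf   ## add the last three lines
[root@server ~]# cat /etc/samba/smb.conf | tail -n 3
    [mnt]                 ## share name
    comment = /mnt dir    ## description of the shared directory
    path = /mnt           ## absolute path of the shared directory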
[root@server ~]# systemctl restart smb
Sharing a directory with SELinux enabled
[root@server ~]# getenforce
Enforcing
[root@server ~]# vim /etc/samba/smb.conf 
[root@server ~]# mkdir /westos
[root@server ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?'
[root@server ~]# restorecon -RvvF /westos/
restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@server ~]# vim /etc/samba/smb.conf 
;       write list = +staff
        [DIR]
        comment = westos direcotry
        path = /westos

[root@server ~]# systemctl restart smb.service 
[root@client ~]# smbclient -L //172.25.254.236
Enter root's password: 
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    DIR             Disk      westos direcotry
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------
[root@client ~]# smbclient //172.25.254.236/DIR -U student
Enter student's password: 
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
  .                                   D        0  Thu Jun  7 09:47:50 2018
  ..                                  D        0  Thu Jun  7 09:47:50 2018

        40913 blocks of size 262144. 28573 blocks available
smb: \> !ls
anaconda-ks.cfg  Documents  Music     Public     Videos
Desktop      Downloads  Pictures  Templates
smb: \> put anaconda-ks.cfg
NT_STATUS_ACCESS_DENIED opening remote file \anaconda-ks.cfg    ## the upload is rejected by the service itself
smb: \> quit
On the server
[root@server ~]# vim /etc/samba/smb.conf

        [DIR]
        comment = westos direcotry
        path = /westos
        writable = yes

[root@server ~]# systemctl restart smb.service 
The client still cannot upload at this point
[root@client ~]# smbclient //172.25.254.236/DIR -U student
Enter student's password: 
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> !ls
anaconda-ks.cfg  Documents  Music     Public     Videos
Desktop      Downloads  Pictures  Templates
smb: \> put anaconda-ks.cfg
NT_STATUS_ACCESS_DENIED opening remote file \anaconda-ks.cfg
smb: \> quit
[root@server ~]# ll -d /westos/
drwxr-xr-x. 2 root root 6 Jun  7 09:47 /westos/
[root@server ~]# chmod 777 /westos/           ## lab environment: give the westos directory 777 permissions

[root@client ~]# smbclient //172.25.254.236/DIR -U student
Enter student's password: 
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> !ls
anaconda-ks.cfg  Documents  Music     Public     Videos
Desktop      Downloads  Pictures  Templates
smb: \> put anaconda-ks.cfg                    ## the upload works
putting file anaconda-ks.cfg as \anaconda-ks.cfg (26.8 kb/s) (average 26.8 kb/s)
smb: \> ls
  .                                   D        0  Thu Jun  7 10:08:22 2018
  ..                                  D        0  Thu Jun  7 09:47:50 2018
  anaconda-ks.cfg                     A     8619  Thu Jun  7 10:08:22 2018

        40913 blocks of size 262144. 28572 blocks available
smb: \> rm anaconda-ks.cfg                           ## deleting works
smb: \> ls
  .                                   D        0  Thu Jun  7 10:09:06 2018
  ..                                  D        0  Thu Jun  7 09:47:50 2018

        40913 blocks of size 262144. 28572 blocks available

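Configuration file parameters

        security = user
        passdb backend = tdbsam
        map to guest = bad user    ## anonymous users


        [DIR]
        comment = westos direcotry
        path = /westos
;       writable = yes             ## users may write
        write list = +westos       ## allow the westos group to read and write
        browseable = yes           ## show the shared directory
        guest ok =yes              ## anonymous user login

browseable = no | yes (changing this parameter does not require a service restart)
    no: hide the shared directory
    yes: show the shared directory

writable = yes | no (changing this parameter requires a service restart)
    no | yes: sets whether users can write (all users)

write list = student (changing this parameter requires a service restart)
    Allows user student to write (works like a whitelist)

write list = @student (changing this parameter requires a service restart)
    Only users who belong to the student group may write

admin users = username (changing this parameter requires a service restart)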

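Multi-user mounts

Files, directories and so on created by different users can be seen by all users.
This is unreasonable, and the steps below remove the problem
by setting up a multi-user mount, where mounting requires smb authentication.

[root@client ~]# yum install cifs-utils -y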
[root@client ~]# vim /root/smbpass
[root@client ~]# cat /root/smbpass 
username=student
password=123
[root@client ~]# mount -o  credentials=/root/smbpass,sec=ntlmssp,multiuser //172.25.254.227/DIR /mnt/
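## credentials=/root/smbpass    the credentials file used for the mount
## multiuser                    enables multi-user authentication
## sec=ntlmssp                  use the standard smb authentication method (note that the method differs between versions)
## The default in mainline kernel versions prior to v3.8 was sec=ntlm. In v3.8, the default was changed to sec=ntlmssp.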
[root@client ~]# ls /mnt/
file1  file2  file3
[root@client ~]# useradd test
[root@client ~]# su - test
[test@client ~]$ ls /mnt 
ls: cannot access /mnt: Permission denied
#### without smb authentication the share cannot be accessed
[test@client ~]$ cifscreds add -u tutu 172.25.254.227
Password:              ## password of smb user tutu; a wrong password is entered here
[test@client ~]$ ls /mnt 
ls: cannot access /mnt: Permission denied      ## still no permission
[test@client ~]$ cifscreds add -u tutu 172.25.254.227  ## authenticating again fails
You already have stashed credentials for 172.25.254.227 (172.25.254.227)
If you want to update them use:
    cifscreds update
[test@client ~]$ cifscreds clearall    ## clear the stored credentials
[test@client ~]$ cifscreds add -u tutu 172.25.254.227
Password:               ## password of smb user tutu; the correct password is entered here
[test@client ~]$ ls /mnt 
file1  file2  file3
[test@client ~]$ touch /mnt/file4      ## the created file file4 belongs to root, because user tutu has been designated as the superuser of the share
[test@client ~]$ ll /mnt/
total 0
-rw-r--r-- 1 student student 0 Jun  4 08:03 file1
-rw-r--r-- 1 admin   admin   0 Jun  4 08:18 file2
-rw-r--r-- 1 root    admin   0 Jun  4 08:30 file3
-rw-r--r-- 1 root    admin   0 Jun  4 08:57 file4
[test@client ~]$ logout 
[root@client ~]# umount /mnt/

Anonymous login and access to a shared directory

[root@server ~]# vim /etc/samba/smb.conf  ## add lines 125 and 328
[root@server ~]# cat /etc/samba/smb.conf | head -n 125 | tail -n 1
    map to guest = bad user
[root@server ~]# cat /etc/samba/smb.conf | head -n 328 | tail -n 1
    guest ok = yes
[root@server ~]# systemctl restart smb.service
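
An added example, not part of the original post: map to guest = bad user, guest ok = yes and writable = yes, combined with a chmod 777 directory, can give unauthenticated clients write access, so it is worth listing the shares where these settings coincide. The function below parses an smb.conf-style file and reports them; the sample configuration is constructed from the settings shown on this page.

```shell
#!/bin/sh
# Flag guest-accessible shares in an smb.conf-style file (or stdin).
# Findings, one per line:
#   GUEST_WRITABLE <share>   guest ok = yes and the share is writable
#   GUEST_READ <share>       guest ok = yes on a read-only share
#   MAP_TO_GUEST             [global] maps failed logins to the guest account
#   NO_HOSTS_ALLOW           [global] has no "hosts allow" restriction
audit_smb_conf() {
    awk '
    function on(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (name == "" || tolower(name) == "global") return
        if (guest && writable) print "GUEST_WRITABLE " name
        else if (guest)        print "GUEST_READ " name
    }
    /^[ \t]*([#;]|$)/ { next }                    # comments and blank lines
    /^[ \t]*\[/ {                                 # start of a new section
        report()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        guest = 0; writable = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # smb.conf ignores case and spaces in parameter names
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (tolower(name) == "global") {
            if (key == "hostsallow") hosts_allow = 1
            if (key == "maptoguest" && tolower(val) != "never") map_guest = 1
            next
        }
        if (key == "guestok" || key == "public")     guest = on(val)
        if (key == "writable" || key == "writeable") writable = on(val)
        if (key == "readonly")                       writable = !on(val)
    }
    END {
        report()
        if (map_guest)    print "MAP_TO_GUEST"
        if (!hosts_allow) print "NO_HOSTS_ALLOW"
    }' "$@"
}

# Constructed sample built from the settings shown on this page.
sample_smb_conf() {
    cat <<'EOF'
[global]
        workgroup = WESTOS
        security = user
        passdb backend = tdbsam
        map to guest = bad user
[DIR]
        comment = westos directory
        path = /westos
        writable = yes
        guest ok = yes
[mnt]
        comment = /mnt dir
        path = /mnt
        guest ok = yes
EOF
}

sample_smb_conf | audit_smb_conf
```

On the server, audit_smb_conf /etc/samba/smb.conf checks the live file; a share flagged GUEST_WRITABLE is better served by a write list for a named group and group-owned directory permissions than by mode 777.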

Reposted from blog.csdn.net/awoyaoc/article/details/80617219