Samba File Sharing Service
How does Linux access Windows shares?
Can Windows access Linux shares?
About Samba
-- SMB/CIFS protocols
-- Server Message Block (SMB)
-- Common Internet File System (CIFS)
Samba service basics
Main packages
[root@localhost Server]# rpm -qa | grep samba
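samba-common-3.0.33-3.39.el5_8 //common programs
samba-3.0.33-3.39.el5_8 //server programs
samba-client-3.0.33-3.39.el5_8 //client programs
samba-swat-3.0.33-3.39.el5_8 //web administration console
Main programs
-- smbd: provides shared access to files and printers
Listening ports: TCP 139, TCP 445
-- nmbd: provides NetBIOS-based host name resolution
Listening ports: UDP 137, UDP 138
System service script
-- /etc/init.d/smb
Configuration directory and main configuration file
-- /etc/samba/
-- /etc/samba/smb.conf
Configuration file check tool
-- testparm
Lab topology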
Linux Client
-----RHEL5.9(vmnet1)----------(vmnet1)
Win7 Client
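Lab 1: Samba anonymous share
Share the directory /usr/src with everyone
Set the share name to tools
Allow everyone to access it, with no password required
Access is read-only
1. [root@localhost ~]# rpm -q samba-client samba samba-common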
samba-client-3.0.33-3.39.el5_8
samba-3.0.33-3.39.el5_8
samba-common-3.0.33-3.39.el5_8
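2. Edit the main configuration file
...
workgroup = pengpeng //workgroup name
server string = Samba Server Version %v //server description
...
log file = /var/log/samba/%m.log //log path; %m corresponds to the connecting client
...
max log size = 50 //maximum log size
...
security = share //default security level in use (user, share, server, domain)
...
load printers = no //hide the printer icons when browsing shares
[tools] //share name
comment = tools public //share description
path = /usr/src //actual location of the shared directory
public= yes //whether everyone may use the share
browseable=yes //whether the share is visible when browsing (no hides it)
read only = yes //read-only
3. Start the service
First check the configuration
[root@localhost ~]# testparm //command that checks the configuration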
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[tools]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions //press Enter to view the configuration
[global] //global settings
workgroup = PENGPENG
server string = Samba Server Version %v
security = SHARE
passdb backend = tdbsam
load printers = No
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[tools] //custom share definition
comment = tools public
path = /usr/src
guest ok = Yes
Start the service
[root@localhost ~]# service smb restart
关闭 SMB 服务: [失败]
关闭 NMB 服务: [失败]
启动 SMB 服务: [确定]
启动 NMB 服务: [确定]
Make sure the service starts at boot
[root@localhost ~]# chkconfig smb on
[root@localhost ~]# chkconfig smb --list
smb 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@localhost ~]#
Listening ports
[root@localhost ~]# netstat -anptu | grep mbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 5798/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 5798/smbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 5801/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 5801/nmbd
4. Client test
Windows:
UNC path \\192.168.8.10
Linux:
Install samba-client
[root@localhost Server]# rpm -ivh samba-client-3.0.33-3.39.el5_8.x86_64.rpm
warning: samba-client-3.0.33-3.39.el5_8.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package samba-client-3.0.33-3.39.el5_8.x86_64 is already installed
[root@localhost Server]# rpm -q samba-client
samba-client-3.0.33-3.39.el5_8
[root@localhost ~]# smbclient -L 192.168.8.10 //list the shares
Password:
Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
Sharename Type Comment
--------- ---- -------
tools Disk tools public
IPC$ IPC IPC Service (Samba Server Version 3.0.33-3.39.el5_8)
Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
Server Comment
--------- -------
LOCALHOST Samba Server Version 3.0.33-3.39.el5_8
Workgroup Master
--------- -------
PENGPENG LOCALHOST
WORKGROUP PENGPENG-PC
[root@localhost ~]# smbclient //192.168.8.10/tools //access the share
Password: //anonymous share, any password works
Domain=[PENGPENG] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
Server not using user level security and no password supplied.
smb: \> ls
. D 0 Wed Aug 20 11:49:58 2014
.. D 0 Wed Aug 20 11:38:11 2014
debug D 0 Thu Oct 1 22:58:39 2009
kernels D 0 Wed Aug 20 11:41:30 2014
redhat D 0 Wed Aug 20 11:49:58 2014
38751 blocks of size 524288. 29666 blocks available
smb: \>
[root@localhost ~]# mkdir -p /data/smb //create the mount point
[root@localhost ~]# mount -t cifs //192.168.8.10/tools /data/smb/ //mount the share
Password:
[root@localhost ~]# mount | tail -1
//192.168.8.10/tools on /data/smb type cifs (rw,mand) //check the mount
Configure automatic mounting:
[root@localhost ~]# vim /etc/fstab
...
//192.168.8.10/tools /data/smb cifs passwd=defaults 0 0 //add the automatic mount entry; the password is supplied in the options so no prompt appears (the anonymous share accepts any password)
...
[root@localhost ~]# grep smb /etc/fstab
//192.168.8.10/tools /data/smb cifs passwd=defaults 0 0
[root@localhost ~]# cd /data/smb //enter the mounted directory
[root@localhost smb]# ls
debug kernels redhat //browsing succeeds
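Added example (not part of the original page): a small Python audit of smb.conf text that reports the exposure settings Lab 1 relies on, namely security = share, guest access and the absence of a hosts allow restriction. The two sample configurations are constructed from this page's [tools] share, written without the // annotations because smb.conf only treats lines starting with # or ; as comments.

```python
import re

# Samba ignores case and whitespace in parameter names, so they are compared
# in that normalized form; "public" is a synonym of "guest ok".
GUEST = {"public", "guestok"}
HOSTS = {"hostsallow", "allowhosts"}
YES = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf-style text."""
    conf, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue                          # blank line or comment line
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return (section, finding) pairs for the exposure settings used in Lab 1."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "security = share (no per-user login)"))
    for name, params in conf.items():
        if name == "global":
            continue
        if any(params.get(key, "no").lower() in YES for key in GUEST):
            findings.append((name, "guest access enabled"))
        if not HOSTS & (params.keys() | glob.keys()):
            findings.append((name, "no hosts allow restriction"))
    return findings

# Constructed samples: the Lab 1 share and a restricted variant of it.
LAB1 = "[global]\nsecurity = share\n[tools]\npath = /usr/src\npublic= yes\n"
RESTRICTED = ("[global]\nsecurity = user\n[tools]\npath = /usr/src\n"
              "public= no\nvalid users = jack,tom\nhosts allow = 192.168.8.5\n")

if __name__ == "__main__":
    for label, text in (("Lab 1", LAB1), ("restricted", RESTRICTED)):
        print(label, audit(text))
```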
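Lab 2: Samba user authentication
Modify the existing [tools] anonymous share
No longer allow everyone to access it
Only allow jack to read and tom to write
Deny other users and anonymous access
Uploaded directories get permission 755
Uploaded files get permission 644
1. Create the accounts and their Samba passwords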
[root@localhost ~]# useradd jack
[root@localhost ~]# useradd tom
[root@localhost ~]# echo "123456" | passwd --stdin jack
Changing password for user jack.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo "123456" | passwd --stdin tom
Changing password for user tom.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# pdbedit -a jack //add the Samba account; a matching system account must exist
new password:
retype new password:
Unix username: jack
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3977168788-1325546648-3669002591-1000
Primary Group SID: S-1-5-21-3977168788-1325546648-3669002591-513
Full Name:
Home Directory: \\localhost\jack
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\jack\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 三, 03 9月 2014 15:36:26 CST
Password can change: 三, 03 9月 2014 15:36:26 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost ~]# pdbedit -a tom //add the Samba account; a matching system account must exist
new password:
retype new password:
Unix username: tom
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3977168788-1325546648-3669002591-1001
Primary Group SID: S-1-5-21-3977168788-1325546648-3669002591-513
Full Name:
Home Directory: \\localhost\tom
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\tom\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 三, 03 9月 2014 15:36:41 CST
Password can change: 三, 03 9月 2014 15:36:41 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost ~]#
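2. Edit the main configuration file
[root@localhost ~]# vim /etc/samba/smb.conf
...
security = user //enable user authentication
...
[tools]
comment = tools public
path = /usr/src //shared path
public= no //not open to everyone
valid users = jack,tom //users allowed to connect
write list =tom //user tom can read and write
browseable=yes
read only = yes
directory mask = 0755 //permissions for uploaded directories
create mask = 0644 //permissions for uploaded files
...
[root@localhost ~]# setfacl -m u:tom:rwx /usr/src/
//ACL: grant tom read, write and execute permission individually (the effective access is the intersection of the local filesystem permissions and the share permissions)
[root@localhost ~]# getfacl /usr/src/ //view the directory permissions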
getfacl: Removing leading '/' from absolute path names
# file: usr/src
# owner: root
# group: root
user::rwx
user:tom:rwx
group::r-x
mask::rwx
other::r-x
3. Start the service
[root@localhost ~]# service smb restart
关闭 SMB 服务: [确定]
关闭 NMB 服务: [确定]
启动 SMB 服务: [确定]
启动 NMB 服务: [确定]
4. Client test
[root@localhost ~]# smbclient -U jack //192.168.8.10/tools //connect as a named user
Password: //the Samba password set earlier
Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
smb: \> ls
. D 0 Wed Aug 20 11:49:58 2014
.. D 0 Wed Aug 20 11:38:11 2014
debug D 0 Thu Oct 1 22:58:39 2009
kernels D 0 Wed Aug 20 11:41:30 2014
redhat D 0 Wed Aug 20 11:49:58 2014
38751 blocks of size 524288. 29665 blocks available
smb: \>
[root@localhost ~]# umount /data/smb //unmount the earlier mount
[root@localhost ~]# mount -o username=jack //192.168.8.10/tools /data/smb
Password:
[root@localhost ~]# mount | grep smb
//192.168.8.10/tools on /data/smb type cifs (rw,mand)
[root@localhost ~]#
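Added example (not part of the original page): a Python model of the rule noted in Lab 2 that the effective access is the intersection of the share-level settings and the local filesystem permissions. The inputs are constructed from the Lab 2 [tools] settings and getfacl output; the ACL lookup assumes the user belongs to none of the file's groups, and only read and write are modelled on the share side.

```python
def parse_getfacl(text):
    """Parse getfacl output into (owner, {(tag, qualifier): set of perms})."""
    owner, entries = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            entries[(tag, qualifier)] = set(perms.replace("-", ""))
    return owner, entries

def fs_perms(user, owner, entries):
    """POSIX ACL lookup; assumes the user is in none of the listed groups."""
    if user == owner:
        return entries[("user", "")]
    if ("user", user) in entries:             # named entries are capped by mask
        return entries[("user", user)] & entries.get(("mask", ""), set("rwx"))
    return entries[("other", "")]

def share_perms(user, share):
    """Share-level rights from valid users, read only and write list."""
    names = lambda key: share.get(key, "").replace(",", " ").split()
    valid = names("valid users")
    if valid and user not in valid:           # an empty list admits any user
        return set()
    writable = share.get("read only", "yes") == "no" or user in names("write list")
    return set("rw") if writable else set("r")

def effective(user, share, acl_text):
    """Intersection of share-level and filesystem rights, e.g. 'rw' or 'r'."""
    owner, entries = parse_getfacl(acl_text)
    return "".join(sorted(share_perms(user, share) & fs_perms(user, owner, entries)))

# Constructed inputs copied from the Lab 2 share and getfacl output above.
TOOLS = {"valid users": "jack,tom", "write list": "tom", "read only": "yes"}
ACL = """# file: usr/src
# owner: root
# group: root
user::rwx
user:tom:rwx
group::r-x
mask::rwx
other::r-x
"""

if __name__ == "__main__":
    for user in ("jack", "tom", "nobody"):
        print(user, repr(effective(user, TOOLS, ACL)))
```

Removing the user:tom:rwx entry from the sample ACL drops tom to read-only, which is why the setfacl step is needed even though tom is in the write list.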
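Lab 3: Samba account aliases and client address access control
Give the ordinary user jack the alias kaka
Only allow access from the address 192.168.8.5
1. Edit the Samba user alias file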
[root@localhost ~]# vim /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
jack = kaka //define the alias kaka for user jack
2. Edit the main configuration file
...
username map = /etc/samba/smbusers //enable user name mapping (virtual user names)
...
[tools]
comment = tools public
path = /usr/src
public= no
valid users = jack,tom
write list =tom
browseable=yes
read only = yes
directory mask = 0755
create mask = 0644
hosts allow = 192.168.8.5 //add this line; only the client 192.168.8.5 may connect
Restart the service:
[root@localhost ~]# service smb restart
关闭 SMB 服务: [确定]
关闭 NMB 服务: [确定]
启动 SMB 服务: [确定]
启动 NMB 服务: [确定]
3. Client test
Verify the user alias:
[root@localhost ~]#
[root@localhost ~]# smbclient -U kaka //192.168.8.10/tools
//use kaka, the alias of jack
Password: //use jack's password
Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
smb: \> ls
. D 0 Wed Aug 20 11:49:58 2014
.. D 0 Wed Aug 20 11:38:11 2014
debug D 0 Thu Oct 1 22:58:39 2009
kernels D 0 Wed Aug 20 11:41:30 2014
redhat D 0 Wed Aug 20 11:49:58 2014
38751 blocks of size 524288. 29665 blocks available
smb: \>
Verify the IP address restriction:
[root@localhost ~]# ifconfig eth0 192.168.8.6/24
//change the address to 192.168.8.6
[root@localhost ~]# ifconfig eth0 | grep "inet addr:"
inet addr:192.168.8.6 Bcast:192.168.8.255 Mask:255.255.255.0
[root@localhost ~]# smbclient -U jack //192.168.8.10/tools
Password:
Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
tree connect failed: NT_STATUS_ACCESS_DENIED
// access is denied
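Added example (not part of the original page): a Python sketch of the two Lab 3 checks, resolving the presented name through the smbusers map and testing the client address against hosts allow, using inputs constructed from this page's settings. It is a simplified model: the address check handles only literal IPv4 addresses, trailing-dot prefixes and network/mask entries (no host names, EXCEPT or hosts deny), and the map ignores @group and quoted names.

```python
import ipaddress

def map_username(map_text, presented):
    """Apply a Samba username map (the smbusers file) to the name a client sends."""
    name = presented
    for line in map_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        unix, aliases = (part.strip() for part in line.split("=", 1))
        stop = unix.startswith("!")        # '!' stops processing after a match
        unix = unix.lstrip("!").strip()
        # Names are compared case-insensitively in this sketch.
        if any(a == "*" or a.lower() == name.lower() for a in aliases.split()):
            name = unix                    # later lines see the mapped name
            if stop:
                break
    return name

def host_allowed(hosts_allow, client_ip):
    """Simplified hosts allow check: literal IPs, 'a.b.c.' prefixes, net/mask."""
    ip = ipaddress.ip_address(client_ip)
    for entry in hosts_allow.replace(",", " ").split():
        if entry.endswith("."):
            if client_ip.startswith(entry):
                return True
        elif "/" in entry:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        elif ip == ipaddress.ip_address(entry):
            return True
    return False

def can_connect(presented, client_ip, share, map_text):
    """Both checks must pass: the source address and the mapped account."""
    if not host_allowed(share["hosts allow"], client_ip):
        return False
    user = map_username(map_text, presented)
    return user in share["valid users"].replace(",", " ").split()

# Constructed inputs copied from the Lab 3 settings on this page.
SMBUSERS = """# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
jack = kaka
"""
TOOLS = {"valid users": "jack,tom", "hosts allow": "192.168.8.5"}

if __name__ == "__main__":
    for who, ip in (("kaka", "192.168.8.5"), ("jack", "192.168.8.6")):
        print(who, ip, can_connect(who, ip, TOOLS, SMBUSERS))
```

The stock map line root = administrator admin means those two names resolve to root, so any share whose valid users include root is reachable under those aliases as well.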