samba服务搭建

目录

运行环境

  • linux服务端(172.16.104.132)
## samba软件安装
[root@vm3 etc]# yum -y install samba-* 

## 关闭防火墙
[root@vm3 etc]# systemctl stop firewalld

## 修改selinux
[root@vm3 etc]# setenforce 0
[root@vm3 etc]# getenforce 
Permissive
  • linux客户端
## samba软件安装
## cifs文件系统挂载工具
[root@vm1 mnt]# yum -y install samba-client cifs-utils

## 关闭防火墙
[root@vm1 etc]# systemctl stop firewalld

## 修改selinux
[root@vm1 mnt]# setenforce 0
[root@vm1 mnt]# getenforce 
Permissive

1.搭建匿名共享smb服务

1.1 服务端

  • 1.配置smb.conf
[root@vm3 samba]# vim smb.conf

[global]
        workgroup = SAMBA
        security = user    
        passdb backend = tdbsam
        map to guest = bad user    //匿名访问必加,bad user
[smb-public]                       
        comment = smb-public
        path = /smb/smb-public     // 共享目录路径
        guest ok = yes             // 所有人是否可以访问
        writable = yes             // 共享目录是否可写
        public = yes               // 是否允许匿名用户访问
        browseable = yes           // 设置共享是否可见
  • 2.添加samba用户、创建共享目录
[root@vm3 samba]# useradd -M -r -s /sbin/nologin smb1
[root@vm3 samba]# useradd -M -r -s /sbin/nologin smb2
[root@vm3 samba]# useradd smb3

## smbpasswd,pdbedit用于编辑samba用户
[root@vm3 samba]# smbpasswd -a smb1
New SMB password:
Retype new SMB password:
[root@vm3 samba]# smbpasswd -a smb2
New SMB password:
Retype new SMB password:
[root@vm3 samba]# pdbedit -a -u smb3
new password:
retype new password:

#查看添加的samba用户
[root@vm3 samba]# pdbedit -L
smb2:994:
smb3:1002:
smb1:995:

#查看创建的共享目录
[root@vm3 smb]# tree .
.
├── smb-public
│   └── 123
└── smb-shared
    └── 123
[root@vm3 smb]# ll
total 0
drwxr-xrwx. 2 root root 17 Oct 10 21:28 smb-public
drwxr-xrwx. 3 root root 39 Oct 10 21:40 smb-shared

  • 3.启动smb服务
[root@vm3 smb]# systemctl start smb
[root@vm3 smb]# ss -antl 
State     Recv-Q    Send-Q         Local Address:Port          Peer Address:Port    
LISTEN    0         50                   0.0.0.0:445                0.0.0.0:*       
LISTEN    0         50                   0.0.0.0:139                0.0.0.0:*   
LISTEN    0         50                      [::]:445                   [::]:*       
LISTEN    0         50                      [::]:139                   [::]:*       
.........................................................

1.2 客户端

  • 1.查看服务端共享目录
[root@vm1 mnt]# smbclient -L 172.16.104.132
Enter SAMBA\root's password:    //直接回车,匿名不用输密码

	Sharename       Type      Comment
	---------       ----      -------
	smb-public      Disk      smb-public
	smb-shared      Disk      smb-shared
	IPC$            IPC       IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available

  • 2.访问共享目录---交互式
[root@vm1 mnt]# smbclient //172.16.104.132/smb-public 
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sat Oct 10 21:28:11 2020
  ..                                  D        0  Sat Oct 10 19:21:20 2020
  123                                 N        0  Sat Oct 10 21:28:11 2020
smb: \> mkdir abc
smb: \> ls
  .                                   D        0  Sat Oct 10 21:37:22 2020
  ..                                  D        0  Sat Oct 10 19:21:20 2020
  123                                 N        0  Sat Oct 10 21:28:11 2020
  abc                                 D        0  Sat Oct 10 21:37:22 2020
smb: \> quit
[root@vm1 mnt]# 
  • 2.访问共享目录---挂载
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-public /mnt/smb-public/ 
Password for root@//172.16.104.132/smb-public:    //直接回车,不需要密码
[root@vm1 mnt]# df -hT
Filesystem                  Type      Size  Used Avail Use% Mounted on
devtmpfs                    devtmpfs  963M     0  963M   0% /dev
tmpfs                       tmpfs     981M     0  981M   0% /dev/shm
tmpfs                       tmpfs     981M  8.7M  972M   1% /run
tmpfs                       tmpfs     981M     0  981M   0% /sys/fs/cgroup
/dev/mapper/cl-root         xfs        17G  2.0G   16G  12% /
/dev/sda1                   ext4      976M  109M  800M  12% /boot
tmpfs                       tmpfs     197M     0  197M   0% /run/user/0
//172.16.104.132/smb-public cifs       17G  2.2G   15G  13% /mnt/smb-public
[root@vm1 smb-pulic]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
drwxr-xr-x. 2 root root 0 Oct 10 21:37 abc
[root@vm1 smb-public]# touch 456
[root@vm1 smb-public]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 01:37 456
drwxr-xr-x. 2 root root 0 Oct 10 21:37 abc

1.3 验证效果

##查看服务端共享目录
[root@vm3 smb-public]# ll
total 0
-rw-r--r--. 1 root   root   0 Oct 10 21:28 123
-rw-r--r--. 1 nobody nobody 0 Oct 15  2020 456
drwxr-xr-x. 2 nobody nobody 6 Oct 10 21:37 abc

2.配置用户认证共享

  • 需求:只允许smb1,smb2访问共享目,且smb1拥有写权限

2.1 服务端

  • 1.配置smb.conf
[root@vm3 samba]# vim smb.conf
[global]
        workgroup = SAMBA
        security = user
        passdb backend = tdbsam
        map to guest = bad user
[smb-shared]
        comment = smb-shared
        path = /smb/smb-shared    //共享目录路径
        browseable = yes
        guest ok = yes
        writable = yes
        write list = smb1         // 允许写操作的用户或组(@组名)列表
        public = no
        read only = yes           // 只读
        valid users = smb1,smb2   // 有的用户或组(@组名)
        directory mask = 0755     // 客户端创建目录的默认权限
        create mask = 0644        // 客户端创建文件的默认权限
  • 2.查看共享目录
[root@vm3 smb]# cd smb-shared/
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root   root   0 Oct 10 21:28 123

  • 3.重启或加载配置
[root@vm3 smb-shared]# systemctl restart smb
[root@vm3 smb-shared]# systemctl reload smb

2.2 客户端

    1. 查看共享目录
[root@vm1 mnt]# smbclient -L //172.16.104.132/smb-shared -U smb1
Enter SAMBA\smb1's password: 

	Sharename       Type      Comment
	---------       ----      -------
	smb-public      Disk      smb-public
	smb-shared      Disk      smb-shared
	IPC$            IPC       IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
[root@vm1 mnt]# smbclient  //172.16.104.132/smb-shared
Enter SAMBA\root's password: 
tree connect failed: NT_STATUS_ACCESS_DENIED      ##不能匿名访问

[root@vm1 mnt]# smbclient  //172.16.104.132/smb-shared -U smb1
Enter SAMBA\smb1's password:                      ##输入smb1 samba用户的密码
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sat Oct 10 21:55:21 2020
  ..                                  D        0  Sat Oct 10 19:21:20 2020
  123                                 N        0  Sat Oct 10 21:28:11 2020

    1. 挂载共享目录
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=smb1,password=samba
[root@vm1 mnt]# df -hT
Filesystem                  Type      Size  Used Avail Use% Mounted on
devtmpfs                    devtmpfs  963M     0  963M   0% /dev
tmpfs                       tmpfs     981M     0  981M   0% /dev/shm
tmpfs                       tmpfs     981M  8.7M  972M   1% /run
tmpfs                       tmpfs     981M     0  981M   0% /sys/fs/cgroup
/dev/mapper/cl-root         xfs        17G  2.0G   16G  12% /
/dev/sda1                   ext4      976M  109M  800M  12% /boot
//172.16.104.132/smb-public cifs       17G  2.2G   15G  13% /mnt/smb-public
tmpfs                       tmpfs     197M     0  197M   0% /run/user/0
//172.16.104.132/smb-shared cifs       17G  2.2G   15G  13% /mnt/smb-shared
[root@vm1 mnt]# cd smb-shared/
[root@vm1 smb-shared]# 

2.3 验证效果

在客户端以smb1用户访问

[root@vm1 smb-shared]# touch abc
[root@vm1 smb-shared]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
[root@vm1 smb-shared]# mkdir m
[root@vm1 smb-shared]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
  • 此时服务端共享目录
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root root 0 Oct 10 21:28 123
-rw-r--r--. 1 smb1 smb1 0 Oct 15  2020 abc   //smb1可以创建文件,权限为644
drwxr-xr-x. 2 smb1 smb1 6 Oct 10 22:13 m     //smb1可以创建目录,权限为755

在客户端以smb2用户访问

[root@vm1 mnt]# umount /mnt/smb-shared/
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=smb2,password=samba
[root@vm1 mnt]# df -hT
Filesystem                  Type      Size  Used Avail Use% Mounted on
devtmpfs                    devtmpfs  963M     0  963M   0% /dev
tmpfs                       tmpfs     981M     0  981M   0% /dev/shm
tmpfs                       tmpfs     981M  8.7M  972M   1% /run
tmpfs                       tmpfs     981M     0  981M   0% /sys/fs/cgroup
/dev/mapper/cl-root         xfs        17G  2.0G   16G  12% /
/dev/sda1                   ext4      976M  109M  800M  12% /boot
//172.16.104.132/smb-public cifs       17G  2.2G   15G  13% /mnt/smb-public
tmpfs                       tmpfs     197M     0  197M   0% /run/user/0
//172.16.104.132/smb-shared cifs       17G  2.2G   15G  13% /mnt/smb-shared
[root@vm1 mnt]# cd smb-shared
[root@vm1 smb-shared]# ll                                       //smb2可以访问共享目录
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
[root@vm1 smb-shared]# touch 456                              //smb2没有写权限
touch: cannot touch '456': Permission denied
[root@vm1 smb-shared]# mkdir efg
mkdir: cannot create directory ‘efg’: Permission denied

客户端以smb3用户访问

[root@vm1 mnt]# umount /mnt/smb-shared/
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=smb3,password=samba
mount error(13): Permission denied                          //smb3没有访问权限
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

3. 配置用户认证共享---用户映射smbusers

  • 需求:将用户smb1,smb2映射为share虚拟用户,然后以share访问共享目录

3.1 服务端

  • 1.编辑smb.conf //对上一个配置做了一点修改

[global]
        workgroup = SAMBA
        security = user
        passdb backend = tdbsam
        map to guest = bad user
        username map = /etc/samba/smbusers  //添用户映射文件路径
[smb-shared]
        comment = smb-shared
        path = /smb/smb-shared
        browseable = yes
        guest ok = yes
        writable = yes
        write list = share         //映射到share虚拟用户的共享用户有写权限
        public = yes               // 必须开启
#       read only = no             //必须删除
#       valid users = smb1,smb2    //必须删除,否则会冲突
        directory mask = 0755
        create mask = 0644
  • 2.编辑/etc/samba/smbusers文件
[root@vm3 samba]# vim smbusers 
share = smb1 smb2

  • 3.查看共享目录
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root root 0 Oct 10 21:28 123
-rw-r--r--. 1 smb1 smb1 0 Oct 15  2020 abc
drwxr-xr-x. 2 smb1 smb1 6 Oct 10 22:13 m
  • 4.重启或加载smb服务
[root@vm3 smb-shared]# systemctl restart smb
[root@vm3 smb-shared]# systemctl reload smb

3.2 客户端

    1. 查看共享目录
[root@vm1 mnt]# smbclient -L  //172.16.104.132/smb-shared -U share
Enter SAMBA\share's password: 

	Sharename       Type      Comment
	---------       ----      -------
	smb-public      Disk      smb-public
	smb-shared      Disk      smb-shared
	IPC$            IPC       IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
[root@vm1 mnt]# smbclient //172.16.104.132/smb-shared -U share
Enter SAMBA\share's password: 
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sat Oct 10 22:13:24 2020
  ..                                  D        0  Sat Oct 10 19:21:20 2020
  123                                 N        0  Sat Oct 10 21:28:11 2020
  abc                                 A        0  Thu Oct 15 02:09:37 2020
  m                                   D        0  Sat Oct 10 22:13:24 2020

		17811456 blocks of size 1024. 15559832 blocks available
smb: \> mkdir j
smb: \> ls
  .                                   D        0  Sat Oct 10 22:46:17 2020
  ..                                  D        0  Sat Oct 10 19:21:20 2020
  123                                 N        0  Sat Oct 10 21:28:11 2020
  abc                                 A        0  Thu Oct 15 02:09:37 2020
  m                                   D        0  Sat Oct 10 22:13:24 2020
  j                                   D        0  Sat Oct 10 22:46:17 2020
  • 2.挂载共享目录
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=share,password=samba
[root@vm1 mnt]# df -hT
Filesystem                  Type      Size  Used Avail Use% Mounted on
devtmpfs                    devtmpfs  963M     0  963M   0% /dev
tmpfs                       tmpfs     981M     0  981M   0% /dev/shm
tmpfs                       tmpfs     981M  8.7M  972M   1% /run
tmpfs                       tmpfs     981M     0  981M   0% /sys/fs/cgroup
/dev/mapper/cl-root         xfs        17G  2.0G   16G  12% /
/dev/sda1                   ext4      976M  109M  800M  12% /boot
//172.16.104.132/smb-public cifs       17G  2.2G   15G  13% /mnt/smb-public
tmpfs                       tmpfs     197M     0  197M   0% /run/user/0
//172.16.104.132/smb-shared cifs       17G  2.2G   15G  13% /mnt/smb-shared
[root@vm1 mnt]# cd smb-shared/
[root@vm1 smb-shared]# 
    1. 验证效果
  • 客户端
[root@vm1 smb-shared]# ll                              //客户端可以通过虚拟用户share访问共享目录
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:46 j
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
[root@vm1 smb-shared]# touch 456                //share映射的用户有写权限
[root@vm1 smb-shared]# mkdir h
[root@vm1 smb-shared]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:45 456
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:49 h
drwxr-xr-x. 2 root root 0 Oct 10 22:46 j
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
  • 服务端共享目录
## 发现通过smbusers映射的用户创建的文件属性为nobody
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root   root   0 Oct 10 21:28 123
-rw-r--r--. 1 nobody nobody 0 Oct 15  2020 456
-rw-r--r--. 1 smb1   smb1   0 Oct 15  2020 abc
drwxr-xr-x. 2 nobody nobody 6 Oct 10 22:49 h
drwxr-xr-x. 2 nobody nobody 6 Oct 10 22:46 j
drwxr-xr-x. 2 smb1   smb1   6 Oct 10 22:13 m

上一篇:使用Samba实现文件共享


下一篇:centos中samba共享设置