Samba is free software that implements the SMB protocol on Linux and UNIX systems; it consists of server daemons (smbd, nmbd) and client programs. SMB (Server Message Block) is a client/server protocol for sharing files and printers on a local network: a client uses it to reach the shared file systems, printers and other resources on a server. The ports involved:
- Port 137 (UDP): NetBIOS name service (nmbd);
- Port 138 (UDP): NetBIOS datagram service;
- Port 139 (TCP): SMB over the NetBIOS session service (file and print sharing);
- Port 389 (TCP): LDAP, only when Samba runs as an Active Directory domain controller; a plain file server does not open it;
- Port 445 (TCP): SMB directly over TCP, without NetBIOS; Windows 2000 and later use this port and it is the one modern clients try first;
- Port 901 (TCP): SWAT, the old web-based Samba administration tool; it was removed in Samba 4.1, so it does not exist on the Samba 4.11 used below.
1. Install the service
[root@localhost ~]# dnf install -y samba
Complete!
[root@localhost ~]# rpm -qa | grep samba
samba-common-libs-4.11.2-13.el8.x86_64
samba-common-4.11.2-13.el8.noarch
samba-client-libs-4.11.2-13.el8.x86_64
Check the listening endpoints (both commands print nothing at this point because the smb service has not been started yet; once it is running you should see 0.0.0.0:445 and 0.0.0.0:139 in LISTEN state)
[root@localhost ~]# netstat -anop | grep 445
[root@localhost ~]# ss -lntup | grep 445
2. Configuration file
[root@localhost ~]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
(Both # and ; start a comment line; parameter names are case-insensitive. Trailing comments on a parameter line are not supported by smbd: the text after " /" below is explanation added to this page, not part of the file.)
[global] /global settings
workgroup = SAMBA
security = user
passdb backend = tdbsam /keep accounts in a TDB database instead of a flat password file; the database is /var/lib/samba/private/passdb.tdb
printing = cups
printcap name = cups
load printers = yes /whether printers are shared when the service starts
cups options = raw /printer options
[homes] /share definition for users' home directories
comment = Home Directories
valid users = %S, %D%w%S /%S is the share name (for [homes] that is the login name), %D the user's domain, %w the winbind separator: only the owner may connect
browseable = No
read only = No
inherit acls = Yes
[printers] /printer share
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$] /printer driver share
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
* Parameter reference
[global] /global parameters
- config file = /usr/local/samba/lib/smb.conf.%m /load another file in place of this one; ignored if the file does not exist. %m expands to the client's NetBIOS name, so to give the client pc1 its own settings, create /usr/local/samba/lib/smb.conf.pc1: when pc1 connects, smb.conf.%m becomes smb.conf.pc1 and pc1 is served by that file, while every other host is served by smb.conf;
- workgroup = WORKGROUP /the workgroup or domain the server joins;
- server string = Samba Server Version %v /free-text server description (%v expands to the Samba version); may be left empty;
- netbios name = smbserver /the server's NetBIOS name; must differ from the workgroup name; defaults to the first label of the host's DNS name;
- interfaces = lo eth0 192.168.14.131/24 192.168.15.131/24 /interfaces to listen on, given as interface names or addresses; only enforced when bind interfaces only = yes is set as well;
- hosts allow = 127.0.0.1 /clients allowed to connect (addresses, networks or host names, separated by spaces); takes precedence over hosts deny;
- hosts deny = 127.0.0.1 /clients refused; the inverse of hosts allow;
- max connections = 0 /maximum concurrent connections to a share; 0 means unlimited;
- deadtime = 0 /minutes of inactivity after which a connection with no open files is dropped; 0 disables the timeout;
- time server = yes/no /answer SMB time requests (net time) from clients; this is not NTP;
- log file = /var/log/samba/log.%m /log file path; with %m each client gets its own file;
- max log size = 0 /maximum log size in KB before rotation; 0 means unlimited;
- security = user /authentication mode;
Authentication modes:
- share: clients need neither user name nor password; insecure, and no longer a valid mode in Samba 4 (the page calls it deprecated); use guest ok on the individual shares that need anonymous access instead;
- user: shares are only available to authenticated users; Samba checks the account and password itself, so the accounts must exist in Samba's own passdb;
- server: like user, but the credentials are forwarded to another server for verification, falling back to user if that fails; also no longer valid in Samba 4;
- domain: the server is a member of an NT4-style domain and hands the user name and password to the domain controller for verification;
- ads: not on the original list; the mode for a member of an Active Directory domain, where authentication uses Kerberos;
passdb backend = tdbsam /account database backend;
Account backends:
There are three: smbpasswd, tdbsam and ldapsam; "sam" stands for Security Account Manager;
- smbpasswd: Samba's own smbpasswd tool gives an existing system user a Samba password in a flat text file, and clients authenticate with that password; on this build the file is /var/lib/samba/private/smbpasswd (the smb passwd file parameter sets the path) and it may have to be created by hand;
- tdbsam: accounts are kept in a TDB database file, passdb.tdb, in /var/lib/samba/private on this build; users are added with smbpasswd -a or with pdbedit, and in both cases the Samba user must already exist as a system user;
pdbedit -a username: add a user;
pdbedit -x username: delete a user;
pdbedit -L: list users (reads passdb.tdb);
pdbedit -Lv: list users with full details;
pdbedit -c "[D]" -u username: disable a user (sets the D account flag);
pdbedit -c "[]" -u username: re-enable a user (clears the account flags);
- ldapsam: accounts are looked up in LDAP; set up the LDAP server first, then set passdb backend = ldapsam:ldap://LDAP Server;
- encrypt passwords = yes/no /whether to use hashed (challenge/response) password authentication; leave it at yes, since modern clients refuse plaintext authentication;
- smb passwd file = /etc/samba/smbpasswd /path of the smbpasswd file;
- username map = /etc/samba/smbusers /user name mapping file; each line reads unixuser = windowsname1 windowsname2 ..., so root = administrator admin maps the Windows names administrator and admin to root;
- guest account = nobody /the Unix account used for guest access;
- socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 /socket options for client sessions, historically used for tuning; current Samba picks sensible values itself and 8 KB buffers are smaller than the kernel defaults, so leave this unset unless you have measured a benefit;
- domain master = yes/no /whether to be the domain master browser, which collates the browse lists of the local master browsers on other subnets;
- local master = yes/no /whether to take part in the election for local master browser;
- preferred master = yes/no /force a browser election at startup, giving this server a chance to become local master;
- os level = 200 /0 to 255; the higher the value, the more likely this server wins the election;
- domain logons = yes/no /whether to act as an NT4-style primary domain controller and accept domain logons;
- dns proxy = yes/no /whether nmbd should fall back to DNS when a NetBIOS name lookup fails;
- load printers = yes/no /whether to share printers when the service starts;
- printcap name = cups /where the list of printers comes from;
- printing = cups /print system type; supported values include bsd, sysv, plp, lprng, aix, hpux, qnx and cups;
[share] /share parameters;
- comment = share /free-text description of the share;
- path = /directory exported by the share; macros such as %U can be used in the path;
- public = yes /allow guest access (synonym for guest ok);
- guest ok = yes /same as above;
- browseable = yes /whether the share appears in share listings; hiding a share is not access control;
- writable = yes /whether clients may write to the share (writeable and write ok are synonyms);
- available = yes/no /whether the share is enabled at all;
- read only = yes /read-only share, equivalent to writable = no; when both appear in one section, the one written later wins;
- admin users = root /users who act as root on this share, separated by commas or spaces; use with great care;
- valid users = username /users allowed to connect; empty means everyone; separate entries with commas or spaces; @group1 means the members of group1;
- invalid users = username /users refused, same syntax;
- write list = username /users allowed to write even when the share is read only;
- create mask = 0700 /permission mask applied to files created through the share;
- directory mask = 0700 /the same for directories (directory mode is a synonym);
Samba permissions are combined with the Unix permissions of the path: a user needs both the share-level right and the filesystem right before an operation succeeds.
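The parsing rules above (# and ; comments, case-insensitive names, synonym spellings, later value wins) and the settings that matter for security (the authentication modes, map to guest, SMB1, guest access on writable shares, admin users, exported system directories) as a small audit script. This is an added example written for this page, not code from the original page or from the Samba project. SAMPLE_SMB_CONF is constructed: it mirrors the shares configured later on the page with two weak global settings added on purpose, and the severity labels are this example's own choice.

```python
"""Audit an smb.conf for risky settings (added example, not Samba code)."""
import re

# Synonym spellings that smbd accepts, mapped to one canonical name.
_SYNONYMS = {
    "writeable": "writable", "write ok": "writable",
    "public": "guest ok",
    "allow hosts": "hosts allow", "deny hosts": "hosts deny",
    "create mode": "create mask", "directory mode": "directory mask",
}
_SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}
_SENSITIVE_PATHS = {"/", "/etc", "/root", "/usr", "/var/lib/samba"}


def _norm(name):
    """Lower-case a parameter name, squeeze spaces, resolve synonyms."""
    name = re.sub(r"\s+", " ", name.strip().lower())
    return _SYNONYMS.get(name, name)


def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def parse_smb_conf(text):
    """Return {section: {param: value}}; section names are lower-cased.

    The 'writable' family is stored as its inverse under 'read only', so the
    last of 'read only' / 'writable' in a section wins whichever spelling was
    used, which is the precedence smbd applies to repeated parameters.
    """
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # comment or blank line
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = _norm(key), value.strip()
        if key == "writable":
            key, value = "read only", ("no" if _yes(value) else "yes")
        conf[section][key] = value               # later duplicates win
    return conf


def audit(conf):
    """Return (section, severity, message) findings; an empty list is clean."""
    g = conf.get("global", {})
    out = []
    sec = g.get("security", "user").lower()
    if sec in ("share", "server"):
        out.append(("global", "HIGH", f"security = {sec} is not a valid mode in Samba 4; use guest ok / map to guest per share"))
    if g.get("map to guest", "never").lower() in ("bad user", "bad password"):
        out.append(("global", "MEDIUM", "map to guest turns failed logons into anonymous guest sessions"))
    if not _yes(g.get("encrypt passwords", "yes")):
        out.append(("global", "HIGH", "encrypt passwords = no allows plaintext password authentication"))
    proto = g.get("server min protocol", "SMB2_02")   # Samba 4.11 default
    if proto.lower() in _SMB1_DIALECTS:
        out.append(("global", "HIGH", f"server min protocol = {proto} re-enables SMB1"))
    if "hosts allow" not in g:
        out.append(("global", "INFO", "no global hosts allow: any source address may connect"))
    for name, s in conf.items():
        if name == "global":
            continue
        writable = not _yes(s.get("read only", "yes"))   # shares default to read only
        if _yes(s.get("guest ok", "no")) and writable:
            out.append((name, "HIGH", "guest ok on a writable share: anonymous clients can write"))
        if s.get("force user", "").strip() == "root":
            out.append((name, "HIGH", "force user = root: every file operation runs as root"))
        if s.get("admin users"):
            out.append((name, "MEDIUM", f"admin users = {s['admin users']} act as root on this share"))
        path = s.get("path", "")
        if path and (path.rstrip("/") or "/") in _SENSITIVE_PATHS:
            out.append((name, "HIGH", f"path = {path} exports a system directory"))
    return out


# Constructed sample: the shares from this page plus two weak global settings.
SAMPLE_SMB_CONF = """
[global]
        workgroup = work
        security = user
        passdb backend = tdbsam
        map to guest = Bad User
        server min protocol = NT1
[homes]
        browseable = No
        writeable = yes
[public]
        path = /zxc
        browseable = yes
        writeable = yes
        public = yes
[test222]
        comment = test111
        path = /test111
        write list = aaa
        ; read only and writable are inverses: the later line wins
        read only = yes
        writable = yes
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SMB_CONF
    for section, severity, msg in audit(parse_smb_conf(text)):
        print(f"[{severity}] [{section}] {msg}")
```

Saved as, say, smbconf_audit.py, it can be run against the live file with python3 smbconf_audit.py /etc/samba/smb.conf by any user who can read that file. It only reads the one file: shares pulled in through include = or config file = must be audited separately, and it does not replace testparm, which checks syntax rather than risk.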
3. Service configuration
(1) Share a user's home directory (user xiaoming)
Server-side configuration (run testparm after editing, before the restart)
[root@localhost ~]# vim /etc/samba/smb.conf
[global]
workgroup = work
security = user
[homes]
browseable = No
writeable = yes
[root@localhost ~]# systemctl restart smb nmb
Create the user the share needs. A Samba user must first exist as a system user; smbpasswd -a and pdbedit -a both write the same tdbsam entry, so one of the two is enough and the second run here only resets the password.
[root@localhost ~]# useradd xiaoming
[root@localhost ~]# smbpasswd -a xiaoming
New SMB password:redhat
Retype new SMB password:redhat
Added user xiaoming.
[root@localhost ~]# pdbedit -a xiaoming
new password:redhat
retype new password:redhat
[root@localhost ~]# pdbedit -L
xiaoming:1003:
[root@localhost ~]# touch /home/xiaoming/test
[root@localhost ~]# ll /home/xiaoming/
total 0
-rw-r--r--. 1 root root 0 Sep 25 17:38 test
Firewall and SELinux
For the lab the page simply switches both off:
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
Do not do this on a real server. firewalld ships a samba service definition covering 137/138 UDP and 139/445 TCP, so firewall-cmd --permanent --add-service=samba (followed by a reload) opens exactly what is needed. SELinux allows home-directory shares once the samba_enable_home_dirs boolean is on (setsebool -P samba_enable_home_dirs on), and any other exported directory needs the samba_share_t file context. With both left enabled, a client that cannot connect at all points at the firewall, while a client that connects but gets NT_STATUS_ACCESS_DENIED on a share whose Unix permissions are correct is usually an SELinux denial, visible with ausearch -m avc.
Client-side configuration
[root@localhost ~]# dnf install -y samba-client
Complete!
[root@localhost ~]# smbclient -L //192.168.14.131 -U xiaoming
Enter WORK\xiaoming's password: redhat
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba 4.11.2)
xiaoming Disk Home Directories
SMB1 disabled -- no workgroup available
(The [homes] share is listed under the login name. The last line is expected on Samba 4.11: SMB1 is off by default, and workgroup browsing, which needs it, is therefore unavailable; share access over SMB2/3 is unaffected.)
[root@localhost ~]# smbclient //192.168.14.131/xiaoming -U xiaoming
Enter WORK\xiaoming's password: redhat
Try "help" to get a list of possible commands.
smb: \> help
? allinfo altname archive backup
blocksize cancel case_sensitive cd chmod
chown close del deltree dir
du echo exit get getfacl
geteas hardlink help history iosize
lcd link lock lowercase ls
l mask md mget mkdir
more mput newer notify open
posix posix_encrypt posix_open posix_mkdir posix_rmdir
posix_unlink posix_whoami print prompt put
pwd q queue quit readlink
rd recurse reget rename reput
rm rmdir showacls setea setmode
scopy stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect tcon
tdis tid utimes logoff ..
smb: \> ls
. D 0 Fri Sep 25 17:38:55 2020
.. D 0 Fri Sep 25 17:36:51 2020
.mozilla DH 0 Wed Aug 19 17:14:51 2020
.bash_logout H 18 Fri Aug 30 13:30:21 2019
.bash_profile H 141 Fri Aug 30 13:30:21 2019
.bashrc H 312 Fri Aug 30 13:30:21 2019
test N 0 Fri Sep 25 17:38:55 2020
36678148 blocks of size 1024. 30422640 blocks available
smb: \> mget test /mget fetches files only; to fetch a whole directory, run recurse and prompt first (toggling recursion on and prompting off), then mget the directory name
Get file test? y
getting file \test of size 0 as test (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
[root@localhost ~]# ll . | grep test
-rw-r--r--. 1 root root 0 Sep 25 17:43 test
Mount the home directory
[root@localhost ~]# mkdir /share/xiaoming -pv
mkdir: created directory '/share'
mkdir: created directory '/share/xiaoming'
[root@localhost ~]# mount //192.168.14.131/xiaoming /share/xiaoming -o username=xiaoming,password=redhat
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
//192.168.14.131/xiaoming 35G 6.0G 30G 18% /share/xiaoming
[root@localhost ~]# ll /share/xiaoming/
total 0
-rwxr-xr-x. 1 root root 0 Sep 25 17:38 test
(The mount helper mount.cifs comes from the cifs-utils package. Passing password= on the command line leaves the password in the shell history and makes it visible in ps while mount runs; prefer the credentials= option pointing at a root-owned file with mode 0600. The 755 mode shown is the cifs client's default file_mode, not the 644 the file has on the server.)
(2) Share a custom directory
Requirement: share a directory named zxc; everyone can browse the files in it, but a user may only delete the files they created themselves, not files created by others.
Server-side configuration
[root@localhost ~]# vim /etc/samba/smb.conf
[public]
path = /zxc
browseable = yes
writeable = yes
[root@localhost ~]# mkdir /zxc
[root@localhost ~]# chmod 1777 /zxc/
[root@localhost ~]# systemctl restart smb nmb
(Samba does not enforce the "delete only your own files" rule by itself: with a plain chmod o=rwx, as the page originally had, any connected user can unlink anyone's file. The sticky bit in mode 1777, the same mode /tmp uses, makes the kernel restrict deletion to the file's owner, the directory's owner and root. Note also that there is no guest ok on this share, so "everyone" still means every authenticated Samba user.)
Client-side configuration
[root@localhost ~]# smbclient //192.168.14.131/public -U xiaoming
Enter WORK\xiaoming's password: redhat
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Fri Sep 25 18:12:55 2020
.. D 0 Fri Sep 25 18:10:07 2020
111.txt N 4 Fri Sep 25 18:12:55 2020
36678148 blocks of size 1024. 30421624 blocks available
smb: \> mget 111.txt
Get file 111.txt? y
getting file \111.txt of size 4 as 111.txt (3.9 KiloBytes/sec) (average 3.9 KiloBytes/sec)
smb: \> exit
[root@localhost ~]# ll | grep 111
-rw-r--r--. 1 root root 4 Sep 25 18:15 111.txt
[root@localhost ~]# pwd
/root
Mount this directory (the mount point has to exist first; step (1) only created /share/xiaoming)
[root@localhost ~]# mkdir /share/zxc
[root@localhost ~]# mount //192.168.14.131/public /share/zxc/ -o username=xiaoming,password=redhat
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
//192.168.14.131/xiaoming 35G 6.0G 30G 18% /share/xiaoming
//192.168.14.131/public 35G 6.0G 30G 18% /share/zxc
[root@localhost ~]# ll /share/zxc/
total 4
-rwxr-xr-x. 1 root root 4 Sep 25 18:12 111.txt
(3) Share a custom directory with a write list
Requirement: the Samba server is a member of the workgroup work; the shared directory is /test111, exported under the name test222; everyone can access it, but only user aaa may write files into it.
Server-side configuration
[root@localhost ~]# vim /etc/samba/smb.conf
[test222]
comment = test111
path = /test111
browseable = yes
write list = aaa
[root@localhost ~]# mkdir /test111
[root@localhost ~]# chmod o=rwx /test111/
[root@localhost ~]# echo this is test > /test111/test111
[root@localhost ~]# systemctl restart smb nmb
(A share is read only by default, so write list is what lets aaa write; the Unix permissions must allow it as well, which is why the page opens /test111 with o=rwx. A tighter choice is to make aaa the owner of /test111 and leave the mode at 755, so that the filesystem, not only Samba, limits writes to aaa.)
[root@localhost ~]# useradd aaa
[root@localhost ~]# smbpasswd -a aaa
New SMB password:redhat
Retype new SMB password:redhat
Added user aaa.
Client-side configuration
[root@localhost ~]# smbclient //192.168.14.131/test222 -U aaa
Enter WORK\aaa's password:
Try "help" to get a list of possible commands.
smb: \> mkdir test222
smb: \> ls
. D 0 Fri Sep 25 18:35:25 2020
.. D 0 Fri Sep 25 18:30:04 2020
test111 N 13 Fri Sep 25 18:30:56 2020
test222 D 0 Fri Sep 25 18:35:25 2020
36678148 blocks of size 1024. 30403056 blocks available
[root@localhost ~]# smbclient //192.168.14.131/test222 -U xiaoming
Enter WORK\xiaoming's password:
Try "help" to get a list of possible commands.
smb: \> mkdir test333
NT_STATUS_ACCESS_DENIED making remote directory \test333
(4) Multiuser mount
Requirement: mount the share from (3) on the client, authenticating the mount as xiaoming, and let a second local user obtain write access with separately supplied credentials.
[root@localhost ~]# dnf install -y cifs-utils
Complete!
[root@localhost ~]# vim /etc/fstab
//192.168.14.131/test222 /test111 cifs defaults,multiuser,username=xiaoming,password=redhat,sec=ntlmssp 0 0
[root@localhost ~]# mkdir /share/test111
[root@localhost ~]# mount -a
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
//192.168.14.131/xiaoming 35G 6.0G 29G 18% /share/xiaoming
//192.168.14.131/public 35G 6.0G 29G 18% /share/zxc
//192.168.14.131/test222 35G 6.0G 29G 18% /test111
(Two things to watch in the fstab line. The mount point is /test111, which on this all-in-one host is the very directory being exported, so the mkdir /share/test111 above is never used; the mount point in fstab must be the directory you created, and on a separate client it has to be created first. And /etc/fstab is readable by every local user, so password= there hands the Samba password to all of them; use credentials=/root/.smbcredentials with the file owned by root and mode 0600 instead.)
[root@localhost test111]# touch test333
touch: cannot touch 'test333': Permission denied
(With multiuser, root's accesses go through the session opened at mount time, i.e. as xiaoming, who is not on the write list, so the write is refused.)
[root@localhost test111]# useradd bbb
[root@localhost test111]# su bbb
[bbb@localhost test111]$ touch test333
touch: cannot touch 'test333': Permission denied
(bbb has no cached credentials yet, so the kernel cannot open a session for him.)
[bbb@localhost test111]$ cifscreds add 192.168.14.131
Password: redhat
(This caches, in bbb's kernel keyring, a password for the Samba user named bbb, who does not exist on the server, so the session will still fail. To gain write access the cached credentials must belong to a Samba user on the share's write list: cifscreds add -u aaa 192.168.14.131, entering aaa's password.)
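The credential-handling points made for the mounts above (a password inside /etc/fstab, a credentials file that is not mode 0600, and vers=/sec= options that force SMB1 or weak authentication) as a check that can be run on a client's fstab. This is an added example written for this page, not code from the original page or from cifs-utils. The fstab lines and the two credentials files that demo() builds are constructed for the example; write_credentials() shows the file format and mode the credentials= option expects.

```python
"""Check /etc/fstab-style CIFS entries for leaked or weak credentials
(added example, not cifs-utils code)."""
import os
import stat
import tempfile

_ALIASES = {"pass": "password", "cred": "credentials"}   # mount.cifs synonyms
_WEAK_SEC = {"none", "ntlm", "ntlmi"}                     # anonymous / NTLMv1


def parse_fstab(text):
    """Yield (device, mountpoint, options) for every cifs entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cifs":
            continue
        opts = {}
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")       # flag options get ""
            opts[_ALIASES.get(key, key)] = value
        yield fields[0], fields[1], opts


def audit_fstab(text):
    """Return (mountpoint, severity, message) findings for the cifs entries."""
    out = []
    for dev, mnt, o in parse_fstab(text):
        if "password" in o:
            out.append((mnt, "HIGH", f"{dev}: password= in fstab is readable by every local user; use credentials="))
        cred = o.get("credentials")
        if cred:
            try:
                mode = stat.S_IMODE(os.stat(cred).st_mode)
            except FileNotFoundError:
                out.append((mnt, "HIGH", f"{dev}: credentials file {cred} is missing; the mount will fail"))
            else:
                if mode & 0o077:                     # group or other can read it
                    out.append((mnt, "HIGH", f"{dev}: credentials file {cred} is mode {mode:04o}; it must be 0600 and root-owned"))
        if o.get("vers") == "1.0":
            out.append((mnt, "HIGH", f"{dev}: vers=1.0 forces SMB1"))
        if o.get("sec", "").lower() in _WEAK_SEC:
            out.append((mnt, "MEDIUM", f"{dev}: sec={o['sec']} uses no or NTLMv1 authentication; prefer ntlmssp or krb5"))
    return out


def write_credentials(path, username, password, domain=None):
    """Create a mount.cifs credentials file that only its owner can read."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"username={username}\npassword={password}\n")
        if domain:
            f.write(f"domain={domain}\n")
    return path


def demo():
    """Audit a constructed fstab: one inline password, one correctly protected
    credentials file and one world-readable one. Returns the findings."""
    d = tempfile.mkdtemp()
    good = write_credentials(os.path.join(d, "smb.good"), "xiaoming", "redhat")
    bad = os.path.join(d, "smb.bad")
    with open(bad, "w") as f:
        f.write("username=xiaoming\npassword=redhat\n")
    os.chmod(bad, 0o644)                             # deliberately too open
    fstab = f"""# constructed sample, modelled on the mounts from this page
//192.168.14.131/test222 /share/test111 cifs defaults,multiuser,username=xiaoming,password=redhat,sec=ntlmssp 0 0
//192.168.14.131/public /share/zxc cifs credentials={good},sec=ntlmssp,vers=3.0 0 0
//192.168.14.131/xiaoming /share/xiaoming cifs credentials={bad},vers=1.0,sec=ntlm 0 0
"""
    return audit_fstab(fstab)


if __name__ == "__main__":
    import sys
    findings = audit_fstab(open(sys.argv[1]).read()) if len(sys.argv) > 1 else demo()
    for mnt, sev, msg in findings:
        print(f"[{sev}] {mnt}: {msg}")
```

Run without arguments it audits the constructed sample; with a path (python3 fstab_audit.py /etc/fstab) it audits the real file, which needs root only when a credentials= file is not readable by the caller. The script checks the file mode but not its owner, so a 0600 file owned by a non-root user still passes; confirm ownership by hand.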