Samba服务器的配置与使用
1、系统环境变量
Fedora:
yum install libacl-devel libblkid-devel gnutls-devel \ readline-devel python-devel gdb pkgconfig libattr-devel \ krb5-workstation
Debian or Ubuntu:
apt-get install build-essential libacl1-dev libattr1-dev \ libblkid-dev libgnutls-dev libreadline-dev python-dev \ python-dnspython gdb pkg-config libpopt-dev libldap2-dev \ dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl
Red Hat Enterprise Linux or CentOS:
yum install gcc libacl-devel libblkid-devel gnutls-devel \ readline-devel python-devel gdb pkgconfig krb5-workstation \ zlib-devel setroubleshoot-server libaio-devel \ setroubleshoot-plugins policycoreutils-python \ libsemanage-python setools-libs-python setools-libs \ popt-devel libpcap-devel sqlite-devel libidn-devel \ libxml2-devel libacl-devel libsepol-devel libattr-devel \ keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils
我用的CentOS 6.4。
2、编译和安装Samba源文件
从Samba官网http://www.samba.org/下载最新的源代码,进行编译
我下载的是samba-4.1.6, 将下载文件解压,然后进入samba-4.1.6目录中,运行以下命令
./configure make make install #安装
samba的默认安装路径是:/usr/local/samba
3、配置Samba
(1)启动samba服务方法:
/usr/local/samba/sbin/samba
(2)将/usr/local/samba/sbin/samba这条路径添加到/etc/rc.d/rc.local中
(3)链接动态链接库,运行samba的中smbd和nmbd需要用到目录/usr/local/samba/lib下的动态链接库文件。但是该目录不是系统默认的动态链接库文件搜索路径,于是我们需要将该目录添加到文件ld.so.conf中。执行下面的命令
vi /etc/ld.so.conf #打开文件 /usr/local/samba/lib #在文件中添加一行,保存退出 ldconfig #更新动态链接库缓存
(4)配置环境变量
打开root目录下的.bash_profile文件
#.bash_profile #Get the aliases and functions if[ -f ~/.bashrc ]; then .~/.bashrc fi #User specific environment and startup programs PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin export PATH
(5)建立域
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
如果删除域使用以下命令:
rm -rf /usr/local/samba/etc/smb.conf rm -rf /usr/local/samba/private/*
执行建立域命令后出现:
Realm[BTA.NET.CN]: test.com #域名 Domain[xfs]: test ServerRole (dc, member, standalone) [dc]: dc DNSbackend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)[SAMBA_INTERNAL]: DNSforwarder IP address (write 'none' to disable forwarding)[202.106.0.20]: Administratorpassword: Retypepassword:
创建完之后需要启动samba:
/usr/local/samba/sbin/samba
首先测试samba和smbclient的版本:
/usr/local/samba/sbin/samba -V
/usr/local/samba/bin/smbclient --version
然后运行下列命令列出samba服务器上共享的目录;
$ /usr/local/samba/bin/smbclient -L localhost -U% Sharename Type Comment --------- ---- ------- netlogon Disk sysvol Disk IPC$ IPC IPC Service (Samba 4.x.y)
如果失败了,重新启动samba:
killall samba /usr/local/samba/sbin/samba
测试认证正常工作,输入以下命令:
$ smbclient //localhost/netlogon -UAdministrator -c 'ls' Domain=[SAMDOM] OS=[Unix] Server=[Samba 4.x.y] . D 0 Tue Dec 11 20:00:00 2012 .. D 0 Tue Dec 11 20:00:00 2012
(6)配置DNS
刚才选择的是samba自带的dns,并已经设置了下一跳的dns服务器地址。
所以为了本地正常解析,所以配置本地的/etc/resolv.conf文件
domain test.com nameserver 192.168.10.215 #本地IP地址
测试DNS
输入以下命令:
$ host -t SRV _ldap._tcp.samdom.example.com. _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com. $ host -t SRV _kerberos._udp.samdom.example.com. _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com. $ host -t A dc1.samdom.example.com. dc1.samdom.example.com has address 192.168.10.215
(7)配置Kerberos
Kerberos是由krb5.conf文件配置,kerberos的默认配置文件在/etc/krb5.conf中,但是
/usr/local/samba/share/setup/krb5
.conf是一个样板文件,你可以将该文件复制并覆盖原来的
krb5.conf文件,并进行修改[libdefaults] default_realm = TEST.COM #大写 dns_lookup_realm = false dns_lookup_kdc = true
测试kerberos正常工作,运行以下命令:
kinit administrator@TEST.COM $ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: administrator@SAMDOM.EXAMPLE.COM Valid starting Expires Service principal 04/03/13 19:39:48 04/05/13 19:39:46 krbtgt/TEST.COM@TEST.COM
(1)在windows上安装windows远程管理工具。win7或者Win XP详细下载请见:http://wiki.samba.org/index.php/Samba_AD_management_from_windows 并且安装组管理策略(仅XP需要),组管理策略需要.NET版本1.1。
(2)通过Windows客户端查看Samba AD。在开始->控制面板->管理工具->Active Directory用户和计算机。或者直接在运行中输入dsa.msc
(2)通过Windows客户端查看Samba AD。在开始->控制面板->管理工具->Active Directory用户和计算机。或者直接在运行中输入dsa.msc
(3)通过Windows客户端查看Samba的组管理策略。在开始->控制面板->管理工具->组策略管理