Configuring and Using a Samba Server


1. System environment (build dependencies)

Fedora:

 yum install libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig libattr-devel \
   krb5-workstation

Debian or Ubuntu:

 apt-get install build-essential libacl1-dev libattr1-dev \
   libblkid-dev libgnutls-dev libreadline-dev python-dev \
   python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
   dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl

Red Hat Enterprise Linux or CentOS:   

yum install gcc libacl-devel libblkid-devel gnutls-devel \
   readline-devel python-devel gdb pkgconfig krb5-workstation \
   zlib-devel setroubleshoot-server libaio-devel \
   setroubleshoot-plugins policycoreutils-python \
   libsemanage-python setools-libs-python setools-libs \
   popt-devel libpcap-devel sqlite-devel libidn-devel \
   libxml2-devel libacl-devel libsepol-devel libattr-devel \
   keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils

I used CentOS 6.4.


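2. Compiling and installing Samba from source

Download the latest source code from the Samba website, http://www.samba.org/, and compile it.

I downloaded samba-4.1.6. Extract the downloaded file, change into the samba-4.1.6 directory, and run the following commands: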

./configure
make
make install  # install

Samba's default installation path is /usr/local/samba.


3. Configuring Samba

(1) To start the samba service:
/usr/local/samba/sbin/samba
 
(2) Add the path /usr/local/samba/sbin/samba to /etc/rc.d/rc.local
 
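(3) Link the shared libraries. The smbd and nmbd programs in samba need the shared library files under /usr/local/samba/lib, but that directory is not on the system's default shared library search path, so it has to be added to the file ld.so.conf. Run the following commands:

 vi /etc/ld.so.conf    # open the file
    /usr/local/samba/lib    # add this line to the file, then save and exit
    ldconfig    # refresh the shared library cache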
 
(4) Configure the environment variables
Open the .bash_profile file in root's home directory:
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin:/usr/local/samba/bin:/usr/local/samba/sbin
export PATH
 
(5) Provision the domain
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
 
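To remove the domain, use the following commands (they delete smb.conf and everything under private/, including the directory database):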
rm -rf /usr/local/samba/etc/smb.conf
rm -rf /usr/local/samba/private/*
 
After running the provision command, the following prompts appear:
Realm [BTA.NET.CN]: test.com  # realm (domain name)
Domain [xfs]: test
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [202.106.0.20]:
Administrator password:
Retype password:
 
Once provisioning is finished, samba has to be started:
/usr/local/samba/sbin/samba
 
First check the versions of samba and smbclient:
/usr/local/samba/sbin/samba -V
/usr/local/samba/bin/smbclient --version
 
Then run the following command to list the directories shared on the samba server:
$ /usr/local/samba/bin/smbclient -L localhost -U%
 
       Sharename       Type      Comment
       ---------       ----      -------
       netlogon        Disk
       sysvol          Disk
       IPC$            IPC       IPC Service (Samba 4.x.y)
 
If this fails, restart samba:
killall samba
/usr/local/samba/sbin/samba
 
To test that authentication works, enter the following command:
$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
 
Domain=[SAMDOM] OS=[Unix] Server=[Samba 4.x.y]
  .                                   D        0  Tue Dec 11 20:00:00 2012
  ..                                  D        0  Tue Dec 11 20:00:00 2012
 
 
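(6) Configure DNS
 
Samba's built-in DNS was selected above, and the address of the upstream (forwarder) DNS server has already been set.
 
For names to resolve correctly on the local machine, configure the local /etc/resolv.conf file:
domain test.com
# local IP address
nameserver 192.168.10.215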
 
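Test DNS
Enter the following commands (the sample below uses samdom.example.com; substitute your own domain, test.com in this setup):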
$ host -t SRV _ldap._tcp.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.

$ host -t SRV _kerberos._udp.samdom.example.com.
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.

$ host -t A dc1.samdom.example.com.
dc1.samdom.example.com has address 192.168.10.215
 
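(7) Configure Kerberos
Kerberos is configured through the krb5.conf file. The default Kerberos configuration file is /etc/krb5.conf; /usr/local/samba/share/setup/krb5.conf is a template file that you can copy over the existing krb5.conf and then edit:
[libdefaults]
        # the realm must be upper case
        default_realm = TEST.COM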
        dns_lookup_realm = false
        dns_lookup_kdc = true
 
To test that Kerberos works, run the following commands:
$ kinit administrator@TEST.COM
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administrator@SAMDOM.EXAMPLE.COM
 
Valid starting     Expires            Service principal
04/03/13 19:39:48  04/05/13 19:39:46  krbtgt/TEST.COM@TEST.COM
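
The settings from steps (6) and (7) can be checked together before running kinit. The script below is an added example, not part of the original post; the function names check_dc_client_config and krb5_value are made up for it, and the sample files are constructed from the values used on this page.

```shell
#!/bin/sh
# Added example: check that resolv.conf and krb5.conf agree with the
# provisioned realm and the DC address (steps 6 and 7 of this page).

# Print the trimmed value of "key = value" from a krb5.conf-style file.
krb5_value() {
    awk -v key="$1" '
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
        k == key && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }' "$2"
}

# check_dc_client_config REALM DC_IP RESOLV_CONF KRB5_CONF
# Prints one line per problem; returns 0 if there are none, 1 otherwise.
check_dc_client_config() {
    upper=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    bad=0
    # The DC's internal DNS holds the SRV records, so it must be asked first.
    ns=$(awk '$1 == "nameserver" { print $2; exit }' "$3")
    [ "$ns" = "$2" ] || { echo "resolv.conf: first nameserver '$ns', want $2"; bad=1; }
    dom=$(awk '$1 == "domain" { print $2; exit }' "$3")
    [ "$dom" = "$lower" ] || { echo "resolv.conf: domain '$dom', want $lower"; bad=1; }
    # Compare the whole value, so trailing text on the line is reported too.
    realm=$(krb5_value default_realm "$4")
    [ "$realm" = "$upper" ] || { echo "krb5.conf: default_realm '$realm', want $upper"; bad=1; }
    kdc=$(krb5_value dns_lookup_kdc "$4")
    [ "$kdc" = "true" ] || { echo "krb5.conf: dns_lookup_kdc '$kdc', want true"; bad=1; }
    return "$bad"
}

# Constructed sample files (values from this page) so the check runs offline.
demo_dir=$(mktemp -d)
printf 'domain test.com\nnameserver 192.168.10.215\n' > "$demo_dir/resolv.conf"
printf '[libdefaults]\n\tdefault_realm = TEST.COM\n\tdns_lookup_kdc = true\n' \
    > "$demo_dir/krb5.conf"
check_dc_client_config test.com 192.168.10.215 \
    "$demo_dir/resolv.conf" "$demo_dir/krb5.conf" \
    && echo "client configuration is consistent"
rm -rf "$demo_dir"
```

On a real host, pass /etc/resolv.conf and /etc/krb5.conf as the last two arguments.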

 

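4. Connecting to the Samba server from a Windows client
(1) Install the Windows remote administration tools on Windows. For Windows 7 or Windows XP, see http://wiki.samba.org/index.php/Samba_AD_management_from_windows for download details. Also install Group Policy Management (needed on XP only), which requires .NET version 1.1.
(2) View the Samba AD from the Windows client: Start -> Control Panel -> Administrative Tools -> Active Directory Users and Computers. Alternatively, enter dsa.msc directly in Run.
(3) View Samba's group policy from the Windows client: Start -> Control Panel -> Administrative Tools -> Group Policy Management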
posted @ 2014-05-22 10:49  Xu Feng