Samba

 

 

1. 挂载
   

   mount -t cifs -o username=gdm,password=gdm //ip/share_name /mnt

    

2. 查看共享
   

   smbclient --list //ip

    

3. 远程浏览
   

   smbclient //ip/share_name --user gdm%password

    

4. 常用命令
   

   smbpasswd & pdbedit 管理账号
   testparm 检查配置

    

5. Configuration
   

   ### Global ###
   workgroup = WORKGROUP
   server string = Samba Server Version %valid
   netbios name = netbios name
   guest account = nobody
   interfaces = lo eth0 ip/mask
   
   
   ### Authentication ###
   security = user
   #表示系统账户要先添加进samba库然后变成samba用户，使用samba用户来登陆，简单来讲就是需要使用用户密码登录。Samba Server共享目录只能被授权的用户访问,由Samba Server负责检查账号和密码的正确性。账号和密码要在本Samba Server中建立
   map to guest = bad user
   passdb backend = tdbsam
   
   
   ### Privileges ###
   create mask = 0664  # 上传或新建文件的权限(取消X)
   directory mask = 0775  # 上传或新建文件夹的权限
   inherit acls = yes
   
   
   ### Access Control ###
   hosts allow = 192.168.0.0/24
   hosts deny = 0.0.0.0/0
   valid users = halt @halt
   invalid users = gdm @gdm
   force group = @printadmin
   
   
   ### Share ###
   comment = Printer Drivers
   path = /var/lib/samba/drivers
   write list = @printadmin root
   writable = yes
   public = yes
   only guest = no
   guest ok = yes
   read only = no
   browseable = yes
   printable = yes  # 不可使用,会变成打印机,而非文件共享

    

6. Practice
   

   举例如下：
   [root@samba-server ~]# cd /etc/samba/
   [root@samba-server samba]# cat smb.conf
   ......
   [global]
           config file = /etc/samba/%U.smb.conf
   ......
    
   [root@samba-server samba]# cat ops.smb.conf
   [技术部-运维组]                                                 
          comment = please do not modify it all will       
          path= /data/samba                                                                
          public = no        
          valid users = durant,grace,henry,@samba
          printable = no
          write list = @samba
    
   [root@samba-server samba]# useradd samba
   [root@samba-server samba]# mkdir /data/samba
    
   [root@samba-server samba]# mkdir /data/samba/技术小栈
   [root@samba-server samba]# mkdir /data/samba/操作实录
   [root@samba-server samba]# mkdir /data/samba/服务器信息
   [root@samba-server samba]# chown -R samba.samba /data/samba
   [root@samba-server samba]# chmod -R 700 /data/samba
    
   [root@samba-server samba]# useradd durant -d /data/samba -s /sbin/nologin
   [root@samba-server samba]# useradd grace -d /data/samba -s /sbin/nologin
   [root@samba-server samba]# useradd henry -d /data/samba -s /sbin/nologin
    
   [root@samba-server samba]# gpasswd -a durant samba
   [root@samba-server samba]# gpasswd -a grace samba
   [root@samba-server samba]# gpasswd -a henry samba
    
   [root@samba-server samba]# setfacl -R -m u:durant:rwx /data/samba
   [root@samba-server samba]# setfacl -R -m u:grace:rwx /data/samba
   [root@samba-server samba]# setfacl -R -m u:henry:rwx /data/samba
    
   [root@samba-server ~]# pdbedit -a -u durant
   [root@samba-server ~]# pdbedit -a -u grace
   [root@samba-server ~]# pdbedit -a -u henry
    
   [root@samba-server samba]# ll -d /data/samba
   drwxrwx---+ 5 samba samba 69 Jun 14 17:31 /data/samba
   [root@samba-server samba]# ll -d /data/samba/*
   drwxrwx---+ 2 samba samba 6 Jun 14 17:31 /data/samba/技术小栈
   drwxrwx---+ 2 samba samba 6 Jun 14 17:31 /data/samba/操作实录
   drwxrwx---+ 2 samba samba 6 Jun 14 17:31 /data/samba/服务器信息
    
   这样，使用durant、grace、henry三个账号登录samba后，就只能看到以自己账号下的共享目录名（即各自的账号名的目录），其他定义的共享资源都无法看到！