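Deploying the Samba service on Linux (file sharing between Linux systems)
Samba's file-sharing service uses a server/client model: in essence, a specific directory on the server is mounted at a specific directory on the client, so that the directory's files are shared between server and client.
In the following experiment, PC1 is the server with IP 192.168.10.10; PC2 is the client with IP 192.168.10.20.
1. Install the samba service on the PC1 server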
[root@PC1 ~]# yum install samba -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel7 | 4.1 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================
Package Arch Version Repository Size
==================================================================================
Installing:
samba x86_64 4.1.1-31.el7 rhel7 527 k
Transaction Summary
==================================================================================
Install 1 Package
Total download size: 527 k
Installed size: 1.5 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : samba-4.1.1-31.el7.x86_64 1/1
rhel7/productid | 1.6 kB 00:00:00
Verifying : samba-4.1.1-31.el7.x86_64 1/1
Installed:
samba.x86_64 0:4.1.1-31.el7
Complete!
2. On the PC1 server, trim down the main samba configuration file
[root@PC1 ~]# cd /etc/samba/
[root@PC1 samba]# ls
lmhosts smb.conf
[root@PC1 samba]# cp smb.conf smb.conf.bak
[root@PC1 samba]# grep -v "#" smb.conf.bak | grep -v ";" | grep -v "^$" > smb.conf
[root@PC1 samba]# cat smb.conf
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
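3. On the PC1 server, create the account used to access the shared resource (samba uses username/password authentication, and the login user must already exist on the PC1 server)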
[root@PC1 ~]# id linuxprobe
uid=1000(linuxprobe) gid=1000(linuxprobe) groups=1000(linuxprobe),10(wheel)
[root@PC1 ~]# pdbedit -a -u linuxprobe
new password: ## the password set here is the one used when logging in from the client
retype new password:
Unix username: linuxprobe
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1761013935-1237571759-2663186072-1000
Primary Group SID: S-1-5-21-1761013935-1237571759-2663186072-513
Full Name: linuxprobe
Home Directory: \\pc1\linuxprobe
HomeDir Drive:
Logon Script:
Profile Path: \\pc1\linuxprobe\profile
Domain: PC1
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 15 Dec 2020 21:22:58 CST
Password can change: Tue, 15 Dec 2020 21:22:58 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4. On the PC1 server, create the directory for the shared resource
[root@PC1 ~]# mkdir /home/database
[root@PC1 ~]# ll -d /home/database/
drwxr-xr-x. 2 root root 6 Dec 15 21:25 /home/database/
[root@PC1 ~]# chown -R linuxprobe:linuxprobe /home/database/ ## change ownership to the user the client logs in as
[root@PC1 ~]# ll -d /home/database/
drwxr-xr-x. 2 linuxprobe linuxprobe 6 Dec 15 21:25 /home/database/
[root@PC1 ~]# ll -ldZ /home/database/ ## view the SELinux context
drwxr-xr-x. linuxprobe linuxprobe unconfined_u:object_r:home_root_t:s0 /home/database/
[root@PC1 ~]# semanage fcontext -a -t samba_share_t /home/database ## change the context
[root@PC1 ~]# restorecon -Rv /home/database/ ## apply the new context
restorecon reset /home/database context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@PC1 ~]# ll -ldZ /home/database/
drwxr-xr-x. linuxprobe linuxprobe unconfined_u:object_r:samba_share_t:s0 /home/database/
5. On the PC1 server, configure the SELinux service and policy so that home directories support the samba service
[root@PC1 ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@PC1 ~]# setsebool -P samba_enable_home_dirs=on
[root@PC1 ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
6. On the PC1 server, edit the main samba configuration file and add the share definition
[root@PC1 ~]# vim /etc/samba/smb.conf
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[database]
comment = Do not arbitrarily modify the database file
path = /home/database
public = no
writable = yes
~
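The [database] share above sets public = no and writable = yes, but does not limit which authenticated accounts or client addresses may connect. The following added example (not part of the original page) summarizes those settings per share; `valid users` and `hosts allow` are standard smb.conf parameters, while the `database_restricted` share and the sample file are constructed for illustration.

```shell
# Added example: summarize access controls per share in an smb.conf-style file.
# Reads the file named in $1 (or stdin) and prints, for every share except
# [global], [homes] and [printers]:
#   <share> guest=<yes|no> writable=<yes|no> valid_users=<set|unset> hosts_allow=<set|unset>
audit_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") ? "yes" : "no" }
    function report() {
        if (sec != "" && sec != "global" && sec != "homes" && sec != "printers")
            printf "%s guest=%s writable=%s valid_users=%s hosts_allow=%s\n", sec, guest, wr, vu, ha
    }
    /^[ \t]*([#;]|$)/ { next }                        # comments and blank lines
    /^[ \t]*\[/ {                                     # new section header
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); sec = tolower(sec)
        guest = "no"; wr = "no"; vu = "unset"; ha = "unset"    # Samba defaults
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)   # Samba ignores spaces in names
        val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") wr = truthy(val)
        else if (key == "readonly") wr = (truthy(val) == "yes") ? "no" : "yes"
        else if (key == "validusers" && val != "") vu = "set"
        else if ((key == "hostsallow" || key == "allowhosts") && val != "") ha = "set"
    }
    END { report() }
    ' "$@"
}

sample_conf() {   # constructed sample: the share from step 6 plus a restricted variant
    cat <<'EOF'
[global]
    security = user
[database]
    path = /home/database
    public = no
    writable = yes
[database_restricted]
    path = /home/database
    guest ok = no
    writable = yes
    valid users = linuxprobe
    hosts allow = 192.168.10.20
EOF
}
sample_conf | audit_shares
```

On the server itself, `audit_shares /etc/samba/smb.conf` runs the same summary against the live configuration.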
7. Restart the samba service on the PC1 server
[root@PC1 ~]# systemctl restart smb
[root@PC1 ~]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
8. Flush the firewall policy on the PC1 server
[root@PC1 ~]# iptables -F
[root@PC1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@PC1 ~]# systemctl status smb ## check the samba service status
smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)
Active: active (running) since Tue 2020-12-15 21:41:03 CST; 1min 42s ago
Main PID: 4487 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smb.service
├─4487 /usr/sbin/smbd
└─4490 /usr/sbin/smbd
Dec 15 21:41:03 PC1 smbd[4487]: [2020/12/15 21:41:03.287294, 0] ../lib/util/become_daemon.c:...ady)
Dec 15 21:41:03 PC1 systemd[1]: Started Samba SMB Daemon.
Hint: Some lines were ellipsized, use -l to show in full.
9. Check the IP of the PC1 server
[root@PC1 ~]# ifconfig | head -n 5
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe66:37f7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:66:37:f7 txqueuelen 1000 (Ethernet)
RX packets 222 bytes 45170 (44.1 KiB)
10. On the PC2 client, test connectivity to the PC1 server
[root@PC2 ~]# ifconfig | head -n 5
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.20 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe25:bb3e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:25:bb:3e txqueuelen 1000 (Ethernet)
RX packets 78 bytes 26676 (26.0 KiB)
[root@PC2 ~]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.231 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.238 ms
--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.231/0.292/0.408/0.083 ms
11. On the PC2 client, install the package that supports the file-sharing service (cifs-utils)
[root@PC2 ~]# yum install cifs-utils -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package cifs-utils.x86_64 0:6.2-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
cifs-utils x86_64 6.2-6.el7 rhel7 83 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 83 k
Installed size: 174 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : cifs-utils-6.2-6.el7.x86_64 1/1
rhel7/productid | 1.6 kB 00:00
Verifying : cifs-utils-6.2-6.el7.x86_64 1/1
Installed:
cifs-utils.x86_64 0:6.2-6.el7
Complete!
12. On the PC2 client, write the login user, password and share domain into a credentials file
[root@PC2 ~]# pwd
/root
[root@PC2 ~]# vim auth.smb
username=linuxprobe
password=abc123456 ## the password here is the login password set when creating the user record with pdbedit on the PC1 server
domain=MYGROUP
[root@PC2 ~]# ll auth.smb
-rw-r--r--. 1 root root 54 Dec 15 22:09 auth.smb
[root@PC2 ~]# chmod 600 auth.smb ## make it readable by root only
[root@PC2 ~]# ll auth.smb
-rw-------. 1 root root 54 Dec 15 22:09 auth.smb
13. Create the mount point on the PC2 client
[root@PC2 ~]# mkdir /database
14. Edit the boot-time auto-mount configuration file
[root@PC2 ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed Dec 2 16:46:09 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root / xfs defaults 1 1
UUID=5cc50fd7-fef7-4902-a0f6-d583b437954d /boot xfs defaults 1 2
/dev/mapper/rhel-swap swap swap defaults 0 0
/dev/cdrom /media/cdrom iso9660 defaults 0 0
//192.168.10.10/database /database cifs credentials=/root/auth.smb 0 0
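An added example (not from the original page) that checks what steps 12 and 14 rely on: every cifs entry in fstab should reference a credentials file with no group or other access, and should not carry an inline password. It assumes GNU `stat`; the function name and the temporary sample paths are hypothetical.

```shell
# Added example: audit cifs entries in an fstab-style file.
check_cifs_credentials() {   # $1 = fstab-style file; returns 1 if any cifs entry fails
    rc=0
    while read -r dev mnt type opts rest; do
        case "$dev" in ''|\#*) continue ;; esac          # blank lines and comments
        [ "$type" = cifs ] || continue
        optlist=$(printf '%s\n' "$opts" | tr ',' '\n')
        # fstab is world-readable, so an inline password is visible to every local user
        if printf '%s\n' "$optlist" | grep -Eq '^pass(word)?='; then
            echo "FAIL $mnt inline password in fstab options"; rc=1
        fi
        cred=$(printf '%s\n' "$optlist" |
               sed -n -e 's/^credentials=//p' -e 's/^cred=//p' | head -n 1)
        if [ -z "$cred" ]; then
            continue
        elif [ ! -f "$cred" ]; then
            echo "FAIL $mnt $cred missing or not a regular file"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$cred")                      # GNU stat, e.g. 600 or 644
        case "$mode" in
            0|*00) echo "OK $mnt $cred mode $mode" ;;
            *)     echo "FAIL $mnt $cred mode $mode (group/other access)"; rc=1 ;;
        esac
    done < "$1"
    return "$rc"
}

demo() {   # constructed sample mirroring steps 12 and 14; all paths are temporary
    d=$(mktemp -d)
    printf 'username=linuxprobe\npassword=EXAMPLE\ndomain=MYGROUP\n' > "$d/auth.smb"
    chmod 644 "$d/auth.smb"                               # mode before the chmod in step 12
    printf '//192.168.10.10/database /database cifs credentials=%s 0 0\n' \
        "$d/auth.smb" > "$d/fstab"
    check_cifs_credentials "$d/fstab" || true             # reports FAIL for mode 644
    chmod 600 "$d/auth.smb"
    check_cifs_credentials "$d/fstab" || true             # reports OK for mode 600
    rm -rf "$d"
}
demo
```

On the client, `check_cifs_credentials /etc/fstab` applies the same check to the real mount table.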
15. On the PC1 server, create test files in the share
[root@PC1 database]# cd /home/database/
[root@PC1 database]# echo 'i am pc1' > pc1
[root@PC1 database]# mkdir dirpc1
[root@PC1 database]# ls
dirpc1 pc1
16. Mount the shared directory on the PC2 client
[root@PC2 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 18G 3.0G 15G 17% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 80K 994M 1% /dev/shm
tmpfs 994M 8.8M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 497M 119M 379M 24% /boot
/dev/sr0 3.5G 3.5G 0 100% /media/cdrom
[root@PC2 ~]# mount -a
[root@PC2 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 18G 3.0G 15G 17% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 80K 994M 1% /dev/shm
tmpfs 994M 8.8M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 497M 119M 379M 24% /boot
/dev/sr0 3.5G 3.5G 0 100% /media/cdrom
//192.168.10.10/database 18G 3.0G 15G 17% /database
17. On PC2, enter the mount point and check that the PC1 server's test files are present
[root@PC2 database]# cd /database/
[root@PC2 database]# ls
dirpc1 pc1
[root@PC2 database]# cat pc1
i am pc1
[root@PC2 database]# echo 'i am pc2' > pc2
[root@PC2 database]# mkdir dirpc2
[root@PC2 database]# ls
dirpc1 dirpc2 pc1 pc2
18. On the PC1 server, check the shared directory for the files created by the client
[root@PC1 database]# cd /home/database/
[root@PC1 database]# ls
dirpc1 dirpc2 pc1 pc2
[root@PC1 database]# cat pc2
i am pc2
The experiment above shows that the PC1 server directory /home/database is shared with the client at /database (the mount point).