实验环境:CentOS7
主机:172.16.251.223 主机名:localhost
客户端:172.16.253.99 主机名:pxe99
访问共享samba文件系统的方式:
smbclient的方式和挂载两种方式。
#主机安装: [root@~ localhost]#yum install samba [root@~ localhost]#rpm -ql samba /usr/lib/systemd/system/nmb.service #提供Windows共享 /usr/lib/systemd/system/smb.service #Linux共享 [root@~ localhost]#systemctl start nmb.service smb.service #nmb.sercice监听udp/137,138;smb.service监听tcp/139,445端口 [root@~ localhost]#ss -ntlu Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 172.16.255.255:137 *:* udp UNCONN 0 0 172.16.251.223:137 *:* udp UNCONN 0 0 *:137 *:* udp UNCONN 0 0 172.16.255.255:138 *:* udp UNCONN 0 0 172.16.251.223:138 *:* udp UNCONN 0 0 *:138 *:* udp UNCONN 0 0 *:52457 *:* udp UNCONN 0 0 *:68 *:* udp UNCONN 0 0 :::15821 :::* tcp LISTEN 0 50 *:139 *:* tcp LISTEN 0 128 *:22 *:* tcp LISTEN 0 100 127.0.0.1:25 *:* tcp LISTEN 0 50 *:445 *:* tcp LISTEN 0 50 :::139 :::* tcp LISTEN 0 128 :::22 :::* tcp LISTEN 0 100 ::1:25 :::* tcp LISTEN 0 50 :::445 :::* #备份配置文件 [root@samba localhost]#cp -av smb.conf{,.bak} [root@samba localhost]#cp -av smb.conf.example{,.bak} [root@samba localhost]#vim smb.conf.example interfaces = lo eno16777736 #监听网卡 #interfaces = 127. 172.16. #监听本地和172.16.的网段 #hosts allow = 127. 172.16. #允许本地和172.16网段的客户端访问 # log files split per-machine: log file = /var/log/samba/log.%m #日志文件不止一个,每个不同的客户端访问都会创建日志文件 # maximum size of 50KB per log file, then rotate: max log size = 50 #日志文件的大小,到达文件最大值值,滚动创建新文件 security = user #用户必须是系统用户,即在/etc/passwd中 passdb backend = tdbsam #密码单独加密保存 #测试配置文件语法 [root@samba localhost]#testparm [root@samba localhost]#systemctl restart nmb.service smb.service [root@samba localhost]#ss -ntlu | egrep "137|138|139|445" #创建登录Samba的用户 [root@samba localhost]#useradd smbuser1 [root@samba localhost]#smbpasswd -a smbuser1 New SMB password: Retype new SMB password: Added user smbuser1. #-a:是添加新用户 #没有-a表示修改用户的密码 #客户端安装:必须安装samba和samba-client [root@~ localhost]#yum install samba [root@~ pxe99]#yum -y install samba-client #匿名登录 [root@samba pxe99]#smbclient -L 172.16.251.223 Enter root's password: Anonymous login successful #samba用户登录进行信息查看,登录后是看到的是自己的家目录 [root@samba pxe99]#smbclient -L 172.16.251.223 -U smbuser1 Enter smbuser1's password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server Version 4.4.4) smbuser1 Disk Home Directories #共享文件 共享家目录 #-L :跟需要登录的sanba主机ip #-U:后跟samba的用户名,必须是samba主机的系统用户 #登录查看文件内容 #//后跟主机ip/共享文件名:即服务名 [root@samba pxe99]#smbclient //172.16.251.223/smbuser1 -U smbuser1 Enter smbuser1's password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4] smb: \> ls smb: \> lcd /tmp #切换到本地/tmp目录下
创建公共共享目录:
#创建目录 [root@samba localhost]#mkdir /data/samba/files -pv mkdir: created directory ‘/data’ mkdir: created directory ‘/data/samba’ mkdir: created directory ‘/data/samba/files’ #主机 [root@samba localhost]#vim smb.conf #共享文件系统配置 [myfiles] comment = A test shared dir. #注释信息 path = /data/samba/files #共享文件路径 public = yes #公开所有用户 writable = yes #可写 # write list = smbuser1 smbuser2 #批量定义对共享文件系统可写的用户 browseable = yes #可浏览查看 [root@samba localhost]#testparm [myfiles] comment = A test shared dir. path = /data/samba/files read only = No [root@samba localhost]#systemctl restart nmb.service smb.service #客户端 [root@samba pxe99]#smbclient -L 172.16.251.223 -U smbuser1 Enter smbuser1's password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4] Sharename Type Comment --------- ---- ------- myfiles Disk A test shared dir. [root@samba pxe99]#smbclient //172.16.251.223/myfiles -U smbuser1 Enter smbuser1's password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4] smb: \> ls #此时用户有写的权限,即共享的文件系统的写权限。 smb: \> lcd /etc/ smb: \> put issue NT_STATUS_ACCESS_DENIED opening remote file \issue #可知,用户没有本地系统的写权限 #主机 [root@samba localhost]#ll -d /data/samba/files/ drwxr-xr-x 2 root root 4096 Jun 6 00:36 /data/samba/files/ #修改acl访问控制列表 [root@samba localhost]#setfacl -m u:smbuser1:rwx /data/samba/files/ #客户端 [root@samba pxe99]#smbclient //172.16.251.223/myfiles -U smbuser1 Enter smbuser1's password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.4.4] smb: \> lcd /etc/ smb: \> put fstab putting file fstab as \fstab (18.2 kb/s) (average 18.2 kb/s) #主机 #以组的方式创建用户的共享文件系统权限 [root@files localhost]#groupadd smbgrp #创建系统新组 #修改登录samba的权限,即共享文件系统的权限 [root@files localhost]#setfacl -m g:smbgrp:rwx /data/samba/files/ #创建新用户。并加入附加组 [root@files localhost]#useradd -G smbgrp smbuser2 [root@files localhost]#useradd -G smbgrp smbuser3 #将组配置 [root@samba localhost]#vim smb.conf [myfiles] comment = A test shared dir. path = /data/samba/files pubic = yes # writable = yes write list = +smbgrp #对共享文件系统给予组可写的权限 browseable = yes [root@samba localhost]#testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[myfiles]" Unknown parameter encountered: "pubic" Ignoring unknown parameter "pubic" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [myfiles] comment = A test shared dir. path = /data/samba/files write list = +smbgrp [root@samba localhost]#systemctl restart nmb.service smb.service #将新用户添加到samba用户组中 [root@samba localhost]#smbpasswd -a smbuser2 New SMB password: Retype new SMB password: Added user smbuser2. [root@samba localhost]#smbpasswd -a smbuser3 New SMB password: Retype new SMB password: Added user smbuser3.
[root@sbin pxe99]#mount -t cifs -o username=smbuser3,password=123456
//172.16.251.223/myfiles /mnt #-o 选项 附:mount: wrong fs type, bad option, bad superblock on //172.16.251.223/myfiles, missing codepage or helper program, or other error (for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program) In some cases useful info is found in syslog - try dmesg | tail or so. 解决方案: [root@sbin pxe99]#ls /sbin/|egrep "mount.nfs.*|mount.cif.*" mount.nfs mount.nfs4 umount.nfs umount.nfs4 #故安装cifs-utils,然后挂载 [root@sbin pxe99]#yum -y install cifs-utils
#主机 [root@testdir localhost]#cd /data/samba/files/ [root@testdir localhost]#mkdir testdir #给新建的目录授权samba用户可访问 [root@testdir localhost]#setfacl -m g:smbgrp:rwx testdir/ #给1001用户权限,映射到客户端user2:1001才有权限写,映射的是userID [root@testdir localhost]#chown 1001:1001 testdir/ #客户端 #单独创建目录挂载文件系统 [root@sbin pxe99]#umount /mnt [root@sbin pxe99]#mkdir /data/test -pv [root@sbin pxe99]#chown user2 /data/test/ [root@sbin pxe99]#useradd user2 [root@sbin pxe99]#mount -t cifs -o username=smbuser3,password=123456
//172.16.251.223/myfiles /data/test [root@test pxe99]#su - user2 Last login: Wed Jun 7 11:43:32 CST 2017 on pts/1 [user2@pxe99 ~]$ ls [user2@pxe99 ~]$ cd /data/test/testdir/ [user2@pxe99 testdir]$ cp /etc/hosts ./ #user2的ID为1001 [user2@pxe99 testdir]$ ll /etc/hosts -rw-r--r--. 1 root root 158 Jun 7 2013 /etc/hosts
samba的实验:请点击:http://www.cnblogs.com/wzhuo/p/6980036.html
sampasswd的基本用法:http://www.cnblogs.com/wzhuo/p/6978990.html
