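****************** Theory ******************
Samba: a free, open-source software suite that runs on Linux/Unix systems and implements file sharing with Windows systems. It is widely used between Unix-like systems and Windows to provide file and printer sharing, which makes sharing resources across platforms more convenient.

Samba service: consists of server and client programs and uses the SMB/CIFS network protocol.

SMB protocol: short for Server Message Block. This communication protocol was defined by Microsoft and Intel in 1987, mainly as the communication protocol for Microsoft networks. SMB operates at the session layer, the presentation layer and a small part of the application layer, and it uses the NetBIOS application programming interface (API). It is also an open protocol that allows protocol extensions, which has made it larger and more complex. Microsoft later renamed SMB to CIFS (Common Internet File System) and added many new features.

NetBIOS protocol: short for Network Basic Input/Output System, developed by IBM. It is the mechanism Windows uses for host-based communication and is mainly used on small LANs of a few dozen computers. NetBIOS is a LAN protocol; starting with Windows XP it has been integrated into TCP/IP, so it generally no longer needs to be used on its own.

Differences between DNS and NetBIOS:
Protocol: DNS is based on TCP/IP; NetBIOS is based on the NetBIOS protocol.
Environment: DNS is used on both LANs and WANs; NetBIOS can only be used on a LAN.

Ports used by Samba:
udp: 137, 138
tcp: 139, 445

Samba has three services:
1. smbd: CIFS, uses ports 139 and 445.
2. nmbd: provides NetBIOS support, uses port 137. (NetBIOS is gradually being replaced by DNS.)
3. winbindd: resolves user and group information for Windows 2003/2008.
winbindd must be installed separately: yum -y install samba-winbind
Note: when Samba is used only for file sharing, the smbd service alone is sufficient.

Samba packages:
Client: samba-client
Server: samba
Service scripts:
/etc/rc.d/init.d/nmb
/etc/rc.d/init.d/smb
Main configuration file: /etc/samba/smb.conf

Samba users:
Account: every Samba user is a system user from /etc/passwd.
Password: stored in Samba's own password file.
Command for adding a system user as a Samba user: smbpasswd

smbpasswd:
-a: add a system user as a Samba user
-d: disable the specified user
-e: enable
-x: delete
Without any option, the command changes a Samba user's password.

Samba configuration file: smb.conf, which contains:
Global settings
Settings for specific shares:
    home directories
    printers
    custom shares

Custom share:
[shared_name]
    path = /path/to/share_directory
    comment = Comment String
    guest ok = {yes|no}
    public = {yes|no}
    writable = {yes|no}
    read only = {yes|no}
    write list = +GROUP_NAME

Check the configuration file for syntax errors and display the configuration that is actually in effect:
# testparm

Note: share permissions and filesystem permissions are both required. A user must have write permission at both levels to be able to write. Use the setfacl and getfacl commands to grant permissions to users.

****************** Hands-on ******************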
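Samba installation and configuration:
Environment:
System: CentOS6.7 x 2
        Windows 7 x 1
IP: 10.68.7.102 -- CentOS 7-102
    10.68.7.103 -- CentOS 7-103
    10.68.7.80 -- Windows

Lab requirements:
1) The Windows host acts as the server and a Linux host as the client; the Windows host shares a directory that the Linux host can access.
   a. Create two system users, user1 and user2, on the Windows host.
   b. Both users log in from the Linux host; user1 may upload and download files, user2 may only read the shared files.
   c. Finally, access the shared directory by mounting it.
2) Linux host 7-103 acts as the server; the Windows host and Linux host 7-102 act as clients. Create a Samba share for the directory /data with these requirements:
   a. The share name is shared and the workgroup is WORKSTATION.
   b. Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to the develop group. The passwords are consistent.
   c. Add the Samba users gentoo, centos and ubuntu, each with its own user name as the password.
   d. Only the develop group has write permission on the share shared; other users have read-only access.
   e. The share accepts connections only from hosts on the 10.68.7.0/24 network.
   f. The result must be verified from both the Linux client and the Windows client.
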
1.1 Install the Samba client software on the Linux client:
[root@7-102 ~]# yum -y install samba-client
[root@7-102 ~]# rpm -qa |grep samba*    # list the installed Samba client packages
samba-winbind-clients-3.6.23-20.el6.x86_64
samba-winbind-3.6.23-20.el6.x86_64
samba-client-3.6.23-20.el6.x86_64
samba-common-3.6.23-20.el6.x86_64
[root@7-102 ~]# rpm -ql samba-client |grep "smbclient"    # smbclient is the client tool
/usr/bin/smbclient
/usr/share/man/man1/smbclient.1.gz
[root@7-102 ~]#
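1.2 Create the shared directory on the Windows server
1. Create the directory to share, test.
2. Create two system users, user1 and user2.
3. Set up sharing.
4. Give user1 read and write permission on the shared directory, that is, Full Control; user2 has read-only access to the shared directory.
5. Check which workgroup the Windows server belongs to.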
1.3 Edit the Samba configuration file on the Linux side:
[root@7-102 ~]# vim /etc/samba/smb.conf
...
[global]
...
        # Change this to the workgroup the Windows server belongs to.
        workgroup = WORKSTATION
        server string = Samba Server Version %v
1.4 Now verify the results:
1. Interactively access the shared data directory test_file from the Linux client:
[root@7-102 ~]# smbclient -L 10.68.7.80 -U user1
Enter user1's password:
Domain=[YANGBIN-PC] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk 远程管理
C$ Disk 默认共享
IPC$ IPC 远程 IPC
test_file Disk
Users Disk
session request to 10.68.7.80 failed (Called name not present)
session request to 10 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled -- no workgroup available
[root@7-102 ~]#
2. Log in to the shared directory from the Linux client as user1 and upload the file /etc/fstab:
[root@7-102 ~]# smbclient //10.68.7.80/test_file -U user1
Enter user1's password:
Domain=[YANGBIN-PC] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (393.0 kb/s) (average 393.1 kb/s)
smb: \> ls
. D 0 Fri Nov 25 05:02:37 2016
.. D 0 Fri Nov 25 05:02:37 2016
fstab A 805 Fri Nov 25 05:02:37 2016
51148 blocks of size 2097152. 40843 blocks available
smb: \>
3. On the Windows server, check the file fstab that user1 uploaded.
4. As user2, list the share and try to upload a file; the test passes if the upload fails:
[root@7-102 ~]# smbclient //10.68.7.80/test_file -U user2
Enter user2's password:
Domain=[YANGBIN-PC] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]
smb: \> ls
. D 0 Fri Nov 25 05:02:37 2016
.. D 0 Fri Nov 25 05:02:37 2016
fstab A 805 Fri Nov 25 05:02:37 2016
51148 blocks of size 2097152. 40843 blocks available
smb: \> lcd /etc
smb: \> put inittab
NT_STATUS_ACCESS_DENIED opening remote file \inittab    # the upload is denied
smb: \>
1.5 Access the shared directory by mounting it:
[root@7-102 ~]# mkdir /mnt/test
[root@7-102 ~]# mount -t cifs //10.68.7.80/test_file /mnt/test -o username=user1,password=user1
[root@7-102 ~]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 ext4 58G 2.9G 52G 6% /
tmpfs tmpfs 932M 0 932M 0% /dev/shm
/dev/sda1 ext4 7.5G 53M 7.1G 1% /boot
/dev/sr0 iso9660 3.7G 3.7G 0 100% /media
//10.68.7.80/test_file
cifs 100G 21G 80G 21% /mnt/test
[root@7-102 ~]#
END
2.1 Create the directory for the Samba share, create the group and add the users:
[root@7-103 ~]# mkdir -pv /data/shared
mkdir: created directory `/data'
mkdir: created directory `/data/shared'
[root@7-103 ~]# groupadd develop
[root@7-103 ~]# useradd -G develop gentoo    # -G <group>: sets the user's supplementary groups
[root@7-103 ~]# useradd -G develop centos
[root@7-103 ~]# useradd ubuntu
[root@7-103 ~]# echo gentoo |passwd --stdin gentoo
Changing password for user gentoo.
passwd: all authentication tokens updated successfully.
[root@7-103 ~]# echo centos |passwd --stdin centos
Changing password for user centos.
passwd: all authentication tokens updated successfully.
[root@7-103 ~]# echo ubuntu |passwd --stdin ubuntu
Changing password for user ubuntu.
passwd: all authentication tokens updated successfully.
2.2 Install the Samba server software on the Linux server:
[root@7-103 ~]# yum -y install samba
[root@7-103 ~]# rpm -qa samba*
samba-winbind-clients-3.6.23-20.el6.x86_64
samba-common-3.6.23-20.el6.x86_64
samba-winbind-3.6.23-20.el6.x86_64
samba-3.6.23-20.el6.x86_64
[root@7-103 ~]#
2.3 Add the Samba users gentoo, centos and ubuntu, each with its own user name as the password:
[root@7-103 ~]# smbpasswd -a gentoo
New SMB password:
Interrupted by signal.
[root@7-103 ~]# smbpasswd -a gentoo
New SMB password:
Retype new SMB password:
Added user gentoo.
[root@7-103 ~]# smbpasswd -a centos
New SMB password:
Retype new SMB password:
Added user centos.
[root@7-103 ~]# smbpasswd -a ubuntu
New SMB password:
Retype new SMB password:
Added user ubuntu.
[root@7-103 ~]#
2.4 Edit the Samba configuration file:
[root@7-103 ~]# vim /etc/samba/smb.conf

[global]

        # Set the workgroup to WORKSTATION.
        workgroup = WORKSTATION
        server string = Samba Server Version %v

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
        # Only hosts on the 10.68.7.0/24 network are allowed here.
;       hosts allow = 10.68.7.

        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        max log size = 50

        # Security level: user means this server verifies the user name and password.
        security = user
        # Samba user passwords are stored in tdbsam format, which is very secure.
        passdb backend = tdbsam

;       security = domain
;       passdb backend = tdbsam
;       realm = MY_REALM

;       password server = <NT-Server-Name>

;       security = user
;       passdb backend = tdbsam

;       domain master = yes
;       domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifying an empty path
;       logon path =

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"

;       local master = no
;       os level = 33
;       preferred master = yes

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

;       dns proxy = yes

        load printers = yes
        cups options = raw

;       printcap name = /etc/printcap
        # obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no

;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes

;       [public]
;       comment = Public Stuff
;       path = /home/samba
;       public = yes
;       writable = yes
;       printable = no
;       write list = +staff

# Custom share:
[shared]
        comment = shared test file
        path = /data/shared
        writable = yes
        guest ok = yes
Note: for a detailed explanation of the Samba configuration file, see this blog post:
http://10166561.blog.51cto.com/10156561/1683136
2.5 Check the configuration file for syntax errors and display the configuration that is actually in effect:
[root@7-103 ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = WORKSTATION
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[shared]
comment = shared test file
path = /data/shared
read only = No
guest ok = Yes
[root@7-103 ~]#
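
The testparm dump above lists no `hosts allow`, because that line in the step 2.4 file starts with `;`, and [shared] combines `guest ok` with `writable`, so requirements d) and e) rest on filesystem ACLs alone. The check below is an added example, not part of the original post; `page_conf` is a constructed excerpt of the step 2.4 settings and `fixed_conf` is an assumed hardened variant.

```shell
# Added example. Reads an smb.conf on stdin; prints one finding per line,
# or nothing when both checks pass.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {          # evaluate the share section that just ended
        if (sec != "" && sec != "global" && guest && writable)
            print "[" sec "]: guest ok + writable; only filesystem ACLs limit writes"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }   # ";" or "#" disables the whole line
    /^[ \t]*\[/ {
        report(); sec = tolower(trim($0)); sec = substr(sec, 2, length(sec) - 2)
        guest = writable = 0; next
    }
    {
        i = index($0, "="); if (!i) next
        key = tolower(trim(substr($0, 1, i - 1)))
        val = tolower(trim(substr($0, i + 1)))
        on = (val == "yes" || val == "true" || val == "1")
        if (sec == "global" && key == "hosts allow") hosts = 1
        if (key == "guest ok" || key == "public") guest = on
        if (key == "writable" || key == "writeable") writable = on
        if (key == "read only") writable = !on
    }
    END { report(); if (!hosts) print "[global]: no active hosts allow; any network may connect" }
    '
}
# Constructed input: the active share and access settings from step 2.4.
page_conf() { cat <<'EOF'
[global]
;   hosts allow = 10.68.7.
    security = user
[shared]
    path = /data/shared
    writable = yes
    guest ok = yes
EOF
}
# Assumed hardened form: restriction active, share-level writes only for develop.
fixed_conf() { cat <<'EOF'
[global]
    hosts allow = 10.68.7.
    security = user
[shared]
    path = /data/shared
    guest ok = no
    read only = yes
    write list = +develop
EOF
}
page_conf | audit_smb_conf
```

To check a live server, run `audit_smb_conf < /etc/samba/smb.conf` and confirm the result with testparm after editing.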
2.6 Start the Samba services:
[root@7-103 ~]# service smb start;service nmb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@7-103 ~]#
2.7 Set the permissions on the shared directory:
[root@7-103 ~]# setfacl -m group:develop:rwx /data/shared
[root@7-103 ~]# setfacl -m user:ubuntu:rx /data/shared
[root@7-103 ~]# ls -ld /data/shared
drwxrwxr-x+ 3 root root 4096 Sep 21 04:55 /data/shared
[root@7-103 ~]#
Note: share permissions and filesystem permissions are both required. A user must have write permission at both levels to be able to write.
2.8 Interactive data access:
[root@7-102 ~]# smbclient -L 10.68.7.103 -U gentoo
Enter gentoo's password:
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]
Sharename Type Comment
--------- ---- -------
shared Disk shared test file
IPC$ IPC IPC Service (Samba Server Version 3.6.23-20.el6)
gentoo Disk Home Directories
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]
Server Comment
--------- -------
7-103 Samba Server Version 3.6.23-20.el6
Workgroup Master
--------- -------
WORKSTATION 7-103
[root@7-102 ~]#
2.9 Test results
First, from the Linux client 7-102, log in to the Samba service as centos and then as ubuntu; the former can upload files, the latter has read-only access:
[root@7-102 ~]# smbclient //10.68.7.103/shared -U centos
Enter centos's password:
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \> ls
. D 0 Wed Sep 21 01:54:46 2016
.. D 0 Wed Sep 21 01:54:46 2016
58930 blocks of size 1048576. 53326 blocks available
smb: \>
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (262.0 kb/s) (average 262.0 kb/s)
smb: \> ls
. D 0 Wed Sep 21 04:36:45 2016
.. D 0 Wed Sep 21 01:54:46 2016
fstab A 805 Wed Sep 21 04:36:45 2016
58930 blocks of size 1048576. 53326 blocks available
smb: \>
[root@7-102 ~]# smbclient //10.68.7.103/shared -U ubuntu
Enter ubuntu's password:
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \>
smb: \> ls
. D 0 Wed Sep 21 04:36:45 2016
.. D 0 Wed Sep 21 01:54:46 2016
fstab A 805 Wed Sep 21 04:36:45 2016
58930 blocks of size 1048576. 53326 blocks available
smb: \> lcd /etc
smb: \> put inittab
NT_STATUS_ACCESS_DENIED opening remote file \inittab
smb: \>
Note: in `# smbclient //10.68.7.103/shared -U centos`, enter the share itself; the path must not include the share's parent directory.
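3.0 Verify from the Windows client:
The expected result is that a user logged in as gentoo can open the shared directory and create files.
3.1 A user logged in as ubuntu can open the shared directory, but creating a file is denied; the files can only be read.
Verification succeeded!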