Linux下部署Samba服务环境的操作记录 - 散尽浮华 - 博客园 (cnblogs.com)
Linux下部署Samba服务环境的操作记录
关于Linux和Windows系统之间的文件传输,很多人选择使用FTP,相对较安全,但是有时还是会出现一些问题,比如上传文件时,文件名莫名出现乱码,文件大小改变等问题。相比较来说,使用Samba作为文件共享,就省事简洁多了。Samba服务器通信协议(Server Messages Block)就是是为了解决局域网内的文件或打印机等资源的共享服务问题,让多个主机之间共享文件变成越来越简单。下面简单介绍下,在Centos7下部署Samba服务的操作记录(测试机192.168.10.204):
1)安装Samba
[root@samba-server ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@samba-server ~]# rpm -qa|grep samba
[root@samba-server ~]# yum install -y samba2)安全角度考虑,需要设置防火墙策略(不要关闭防火墙)
# 添加samba服务到防火墙策略中
[root@samba-server ~]# firewall-cmd --add-service samba --permanent
success
# 重启防火墙
[root@samba-server ~]# firewall-cmd --reload
success
查看samba服务是否添加到防火墙中:
[root@samba-server ~]# firewall-cmd --list-all|grep samba
services: ssh dhcpv6-client samba
# 记住:一定要关闭selinux(否则会造成windows客户机连接Samba失败)
[root@samba-server ~]# vim /etc/sysconfig/selinux
.....
SELINUX=disabled[root@samba-server kevin]# setenforce 0
[root@samba-server kevin]# getenforce
Permissive3)配置Samba服务文件
[root@samba-server ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@samba-server ~]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global] //全局配置
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap` `name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users` `= %S, %D%w%S
browseable = No
read` `only = No
inherit acls = Yes
[printers] //共享打印机配置
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
[kevin] //这个是共享文件夹标识,表示登录samba打开时显示的文件夹名称。配置了多少个共享文件夹标识,登录samba时就会显示多少文件夹。
comment = please do` `not modify it all will //comment是对该共享的描述,可以是任意字符串
path= /home/kevin` `//共享的路径
writable = yes` `//是否写入
public = no //是否公开
4)添加kevin账号(如上配置中添加的内容)
设置为不予许登入系统,且用户的家目录为 ``/home/kevin``(相当于虚拟账号)的kevin账号。
[root@samba-server ~]``# useradd -d /home/kevin -s /sbin/nologin kevin5)pdbedit 命令说明
pdbedit 命令用于管理Samba服务的帐户信息数据库,格式为:``"pdbedit [选项] 帐户"
第一次把用户信息写入到数据库时需要使用-a参数,以后修改用户密码、删除用户等等操作就不再需要了。
pdbedit -L :查看samba用户
pdbedit -a -u user:添加samba用户
pdbedit -r -u user:修改samba用户信息
pdbedit -x -u user:删除samba用户
samba服务数据库的密码也可以用 smbpasswd 命令 操作
smbpasswd -a user:添加一个samba用户
smbpasswd -d user:禁用一个samba用户
smbpasswd -e user:恢复一个samba用户
smbpasswd -x user:删除一个samba用户6)将kevin添加为samba用户
[root@samba-server ~]``# id kevin
uid=1001(kevin) gid=1001(kevin) ``groups``=1001(kevin)
[root@samba-server ~]``# pdbedit -a -u kevin
new password: ``//``设置kevin使用的samba账号密码,比如123456
retype new password: ``//``确认密码
Unix username: kevin
NT username:
Account Flags: [U ]
User SID: S-1-5-21-33923925-2092173964-3757452328-1000
Primary Group SID: S-1-5-21-33923925-2092173964-3757452328-513
Full Name:
Home Directory: \\samba-server\kevin
HomeDir Drive:
Logon Script:
Profile Path: \\samba-server\kevin\profile
Domain: SAMBA-SERVER
Account desc:
Workstations:
Munged dial:
Logon ``time``: 0
Logoff ``time``: Wed, 06 Feb 2036 23:06:39 CST
Kickoff ``time``: Wed, 06 Feb 2036 23:06:39 CST
Password last ``set``: Mon, 12 Mar 2018 18:07:58 CST
Password can change: Mon, 12 Mar 2018 18:07:58 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
接着修改samba用户的家目录权限
[root@samba-server ~]``# chown -Rf kevin.kevin /home/kevin7)启动Samba服务
[root@samba-server ~]``# systemctl start smb
[root@samba-server ~]``# systemctl enable smb
Created ``symlink` `from ``/etc/systemd/system/multi-user``.target.wants``/smb``.service to ``/usr/lib/systemd/system/smb``.service.
[root@samba-server ~]``# systemctl restart smb
[root@samba-server ~]``# systemctl status smb
● smb.service - Samba SMB Daemon
``Loaded: loaded (``/usr/lib/systemd/system/smb``.service; enabled; vendor preset: disabled)
``Active: active (running) since Mon 2018-03-12 18:11:20 CST; 3s ago
``Main PID: 977 (smbd)
``Status: ``"smbd: ready to serve connections..."
``CGroup: ``/system``.slice``/smb``.service
``├─977 ``/usr/sbin/smbd
``├─978 ``/usr/sbin/smbd
``├─979 ``/usr/sbin/smbd
``└─980 ``/usr/sbin/smbd
Mar 12 18:11:19 samba-server systemd[1]: Starting Samba SMB Daemon...
Mar 12 18:11:19 samba-server systemd[1]: smb.service: Supervising process 977 ``which` `is not our child. We'll most likely not... exits.
Mar 12 18:11:20 samba-server smbd[977]: [2018``/03/12` `18:11:20.065982, 0] ..``/lib/util/become_daemon``.c:124(daemon_ready)
Mar 12 18:11:20 samba-server systemd[1]: Started Samba SMB Daemon.
Mar 12 18:11:20 samba-server smbd[977]: STATUS=daemon ``'smbd'` `finished starting up and ready to serve connections
Hint: Some lines were ellipsized, use -l to show ``in` `full.8)开始测试
先往共享路径/home/kevin里添加点内容
[root@samba-server kevin]``# touch test1 test2 test3
[root@samba-server kevin]``# mkdir a1 a2 a3
[root@samba-server kevin]``# ls
a1 a2 a3 test1 test2 test3接着再windos 客户机本地测试。”Win+E键”打开,在最上面的”网络”地址栏输入“\192.168.10.204”,然后回车,输入上面设置的samba账号kevin及其密码,就能共享到linux上的/home/kevin下的文件了
如果在windows客户机上连接Samba出现网络错误:Windows 无法访问\192.168.10.204\kevin,解决办法如下:
查看上下文的安全关系
[root@samba-server ~]``# semanage kevin -a -t samba_share_t /home/kevin/
-``bash``: semanage: ``command` `not found
如果系统出现上面的报错 ,说明你系统里没有安装 semanage命令,下面开始安装semanage:
[root@samba-server ~]``# yum provides /usr/sbin/semanage
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
``* base: mirror.0x.sg
``* epel: mirror.dmmlabs.jp
``* extras: mirror.0x.sg
``* updates: mirror.0x.sg
policycoreutils-python-2.5-17.1.el7.x86_64 : SELinux policy core python utilities ``//``这个是安装包
Repo : base
Matched from:
Filename :
[root@samba-server ~]``# yum install -y policycoreutils-python
然后再执行一次,执行完成后,不要忘了刷新上下文关系
[root@samba-server ~]``# semanage fcontext -a -t samba_share_t /home/kevin
[root@samba-server ~]``# restorecon -Rv /home/kevin
允许SElinux对于SMB用户共享家目录的布尔值
重启Samba
[root@samba-server ~]``# systemctl restart smb如何在windows本机访问samba时用切换另一个用户登录
方法如下:
按键win+r,打开"运行",输入"cmd"
输入命令"net use * /delete",接着输入"Y",即先取消所有的net 连接
输入切换账号的命令"net use \\192.168.10.204\IPC$ grace@123 /user:grace",即表示切换到grace账号(密码为grace@123)重置samba账号密码
[root@samba-server ~]``# smbpasswd -a kevin //即重置kevin密码重启samba服务
[root@localhost ~]# /etc/init.d/smbd restart
