samba服务器的配置
################################################samba
1.作用:提供cifs协议实现lnuix与windows之间的文件共享
2.安装:
yum install samba samba-common samba-client -y
systemctl start smb nmb
systemctl enable smb nmb
systemctl stop firewalld
systemctl disable firewalld
yum install samba samba-common samba-client -y
systemctl start smb nmb
systemctl enable smb nmb
systemctl stop firewalld
systemctl disable firewalld
3.添加smb用户
smb用户必须是本地用户
smbpasswd -a student
New SMB password: ##输入smb环境中用户密码
Retype new SMB password: ##确认密码
Added user student.
pdbedit -L ##查看smb用户
pdbedit -x smb用户 ##删除smb用户
setsebool -P samba_enable_home_dirs on ##在selinux中设定smb用户可以访问自己的家目录
测试:
smbclient -L //172.25.19.11 ##匿名用户登录
smbclient -L //172.25.19.11/student -U student ##用户家目录登陆,结果显示不了
smbclient //172.25.19.11/student -U student ##用户家目录登陆
smb用户必须是本地用户
smbpasswd -a student
New SMB password: ##输入smb环境中用户密码
Retype new SMB password: ##确认密码
Added user student.
pdbedit -L ##查看smb用户
pdbedit -x smb用户 ##删除smb用户
setsebool -P samba_enable_home_dirs on ##在selinux中设定smb用户可以访问自己的家目录
测试:
smbclient -L //172.25.19.11 ##匿名用户登录
smbclient -L //172.25.19.11/student -U student ##用户家目录登陆,结果显示不了
smbclient //172.25.19.11/student -U student ##用户家目录登陆
4.共享目录的基本设定
mkdir /smbshare
vim /etc/samba/smb.conf
[lala]
common = local sambashare ##对共享目录的描述
path = /smbshare ##共享目录
当共享目录是用户自己建立时,需改目录的安全上下文:
semanage fcontent -a -t samba_share_t '/smbshare(/.*)?'
restorecon -RvvF /smbshare
当共享目录是系统目录时,需改samba布尔值:
setsebool -P samba_export_all_ro on ##只读共享
setsebool -P samba_export_all_rw on ##读写共享
测试:
smbclient //172.25.19.11/lala -U student
mkdir /smbshare
vim /etc/samba/smb.conf
[lala]
common = local sambashare ##对共享目录的描述
path = /smbshare ##共享目录
当共享目录是用户自己建立时,需改目录的安全上下文:
semanage fcontent -a -t samba_share_t '/smbshare(/.*)?'
restorecon -RvvF /smbshare
当共享目录是系统目录时,需改samba布尔值:
setsebool -P samba_export_all_ro on ##只读共享
setsebool -P samba_export_all_rw on ##读写共享
测试:
smbclient //172.25.19.11/lala -U student
5.samba参数设置
匿名用户访问:
vim /etc/samba/smb.conf
security = user
passdb backend = tdbsam
map to guest = bad user ##支持匿名用户登陆
。。
[lala]
common = local sambashare
path = /mnt ##共享目录为系统目录/mnt
guest ok = yes ##打开匿名用户登录
systemctl resatrt smb
测试:
smbclient //172.25.19.11/lala
匿名用户访问:
vim /etc/samba/smb.conf
security = user
passdb backend = tdbsam
map to guest = bad user ##支持匿名用户登陆
。。
[lala]
common = local sambashare
path = /mnt ##共享目录为系统目录/mnt
guest ok = yes ##打开匿名用户登录
systemctl resatrt smb
测试:
smbclient //172.25.19.11/lala
访问控制:
vim /etc/samba/smb.conf
[lala]
common = local sambashare
path = /mnt
hosts allow/deny = 172.25.19.10 ##仅允许/拒绝10主机访问
valid users = westos/@westos/+westos ##当前共享的有效用户/用户组/用户组
systemctl restart smb
测试:
smbclient //172.25.19.11/lala -U smb用户
vim /etc/samba/smb.conf
[lala]
common = local sambashare
path = /mnt
hosts allow/deny = 172.25.19.10 ##仅允许/拒绝10主机访问
valid users = westos/@westos/+westos ##当前共享的有效用户/用户组/用户组
systemctl restart smb
测试:
smbclient //172.25.19.11/lala -U smb用户
读写控制:
所有用户均可写
chmod o+w /mnt
setsebool -P samba_export_all_rw on
vim /etc/samba/smb.conf
[lala]
comment = local sambashare
path = /mnt
writable = yes
systemctl restart smb
测试:
mount -o username=westos,password=lala //172.25.19.11/lala /mnt
cd /mnt
touch file
mount -o username=student,password=lala //172.25.19.11/lala /mnt
所有用户均可写
chmod o+w /mnt
setsebool -P samba_export_all_rw on
vim /etc/samba/smb.conf
[lala]
comment = local sambashare
path = /mnt
writable = yes
systemctl restart smb
测试:
mount -o username=westos,password=lala //172.25.19.11/lala /mnt
cd /mnt
touch file
mount -o username=student,password=lala //172.25.19.11/lala /mnt
设定指定用户可写
vim /etc/samba/smb.conf
[lala]
comment = local sambashare
path = /mnt
writable = no
write list = student ##只有student可写
or write list = + westos ##westos组可写
systemctl restart smb
测试:
mount -o username=student,password=lala //172.25.19.11/lala /mnt
共享的超级用户指定:
chmod o-w /mnt
vim /etc/samba/smb.conf
[lala]
comment = local sambashare
path = /mnt
writable = yes
admin users = westos ##westos用户超级用户的写权限,建立的文件属于root
systemctl restart smb
测试:
mount -o username=westos,password=redhat //172.25.19.11/lala /mnt
chmod o-w /mnt
vim /etc/samba/smb.conf
[lala]
comment = local sambashare
path = /mnt
writable = yes
admin users = westos ##westos用户超级用户的写权限,建立的文件属于root
systemctl restart smb
测试:
mount -o username=westos,password=redhat //172.25.19.11/lala /mnt
6.samba多用户挂载
client:
yum install cifs-utils -y
vim /root/haha
username=student
password=lala
chmod 600 /root/haha
mount -o credentials=/root/haha,multiuser,sec=ntlmssp //172.25.19.11/lala /mnt
credentials=/root/haha ##指定挂载时所用到的用户文件
multiuser ##支持多用户挂载
sec=ntlmssp ##认证方式为标准smb认证方式
su - kiosk
ls /mnt/
ls: cannot access /mnt: Permission denied
cifscreds add -u westos 172.25.19.11
Password: ##smb用户westos的密码
ls /mnt ##可显示出结果
client:
yum install cifs-utils -y
vim /root/haha
username=student
password=lala
chmod 600 /root/haha
mount -o credentials=/root/haha,multiuser,sec=ntlmssp //172.25.19.11/lala /mnt
credentials=/root/haha ##指定挂载时所用到的用户文件
multiuser ##支持多用户挂载
sec=ntlmssp ##认证方式为标准smb认证方式
su - kiosk
ls /mnt/
ls: cannot access /mnt: Permission denied
cifscreds add -u westos 172.25.19.11
Password: ##smb用户westos的密码
ls /mnt ##可显示出结果