smaba

smaba

samba

1samba作用

提供cifs协议实现共享文件

2安装

yum install samba samba-common samba-client -y

systemctl start smb nmb

systemctl enable smb nmb

3添加smb用户

首先系统中要有用户

[root@westos ~]# id student

uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)

[root@westos ~]# smbpasswd -a student  创建smb用户

New SMB password:

Retype new SMB password:

Added user student.

[root@westos ~]# pdbedit -L  查看smb用户信息

student:1000:Student User

[root@westos ~]# pdbedit -x student  删除smb用户

[root@westos ~]# pdbedit -L

[root@westos ~]# setsebool -P samba_enable_home_dirs on  在selinux中可以访问自己的家目录

测试

[root@westos ~]# smbclient //172.25.254.114/student -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

.                                   D        0  Thu Jul 10 19:06:52 2014

..                                  D        0  Thu Jul 10 18:19:09 2014

.bash_logout                        H       18  Wed Jan 29 07:45:18 2014

.bash_profile                       H      193  Wed Jan 29 07:45:18 2014

.bashrc                             H      231  Wed Jan 29 07:45:18 2014

.ssh                               DH        0  Thu Jul 10 18:19:10 2014

.config                            DH        0  Thu Jul 10 19:06:53 2014

40913 blocks of size 262144. 28544 blocks available

4共享目录

[root@westos ~]# vim /etc/samba/smb.conf

[jj]                     共享名称

comment = local.public   对共享目录的描述

path = /mnt        共享目录的绝对路径

workgroup = WESTOS  共享目录的组

当共享目录为用户自建目录时

[root@westos mnt]# mkdir /smbshare

[root@westos mnt]# touch /smbshare/westosxxx

[root@westos mnt]# vim /etc/samba/smb.conf

[jj]

comment = local.public

path = /smbshare

[root@westos mnt]# setsebool -P samba_enable_home_dirs 0

[root@westos mnt]# semanage fcontext -a -t samba_share_t '/smbshare(/.*）？'

/etc/selinux/targeted/contexts/files/file_contexts.local:  line 4 has invalid regex /smbshare(/.*）？:  missing )

PCRE compilation failed for ^/smbshare(/.*）？$ at offset 21: missing )

libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local

/etc/selinux/targeted/contexts/files/file_contexts.local:  line 4 has invalid regex /smbshare(/.*）？:  missing )

PCRE compilation failed for ^/smbshare(/.*）？$ at offset 21: missing )

libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local

ValueError: Could not commit semanage transaction

[root@westos mnt]# restorecon -RvvF /smbshare

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

.                                   D        0  Sat Jun  3 02:36:48 2017

..                                  D        0  Sat Jun  3 02:36:38 2017

westosxxx                           N        0  Sat Jun  3 02:36:48 2017

40913 blocks of size 262144. 28544 blocks available

smb: \>

semanage fcontext -a -t samba_share_t '目录名称(/.*）？‘  配置安全上下文

restorecon -RvvF 目录名称

当共享目录为系统目录时

[root@westos ~]# touch /mnt/file{1..10}

[root@westos ~]# cd /mnt

[root@westos mnt]# ls

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

.                                   D        0  Thu Jul 10 19:06:52 2014

..                                  D        0  Thu Jul 10 18:19:09 2014

.bash_logout                        H       18  Wed Jan 29 07:45:18 2014

.bash_profile                       H      193  Wed Jan 29 07:45:18 2014

.bashrc                             H      231  Wed Jan 29 07:45:18 2014

.ssh                               DH        0  Thu Jul 10 18:19:10 2014

.config                            DH        0  Thu Jul 10 19:06:53 2014

40913 blocks of size 262144. 28545 blocks available

smb: \>

[root@westos mnt]# setsebool -P samba_export_all_ro on  只读共享

[root@westos mnt]# setsebool -P samba_export_all_rw on  读写共享

[root@westos ~]# setsebool -P samba_enable_home_dirs on

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

.                                   D        0  Sat Jun  3 02:28:28 2017

..                                  D        0  Sat Jun  3 01:30:28 2017

file1                               N        0  Sat Jun  3 02:28:28 2017

file2                               N        0  Sat Jun  3 02:28:28 2017

file3                               N        0  Sat Jun  3 02:28:28 2017

file4                               N        0  Sat Jun  3 02:28:28 2017

file5                               N        0  Sat Jun  3 02:28:28 2017

file6                               N        0  Sat Jun  3 02:28:28 2017

file7                               N        0  Sat Jun  3 02:28:28 2017

file8                               N        0  Sat Jun  3 02:28:28 2017

file9                               N        0  Sat Jun  3 02:28:28 2017

file10                              N        0  Sat Jun  3 02:28:28 2017

40913 blocks of size 262144. 28545 blocks available

smb: \>

匿名用户登陆

[root@westos mnt]# smbclient //172.25.254.114/jj

Enter root's password:

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

tree connect failed: NT_STATUS_ACCESS_DENIED

[root@westos mnt]# vim /etc/samba/smb.conf

123         security = user

124         passdb backend = tdbsam

125         map to guest = bad user

321         [jj]

322         comment = local.public

323         path = /smbshare

324         guest ok = yes

[root@westos mnt]# systemctl  restart smb.service

[root@westos mnt]# smbclient //172.25.254.114/jj

Enter root's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

smb: \> ls

.                                   D        0  Sat Jun  3 02:36:48 2017

..                                  D        0  Sat Jun  3 02:36:38 2017

westosxxx                           N        0  Sat Jun  3 02:36:48 2017

40913 blocks of size 262144. 28545 blocks available

smb: \>

访问控制

hosts allow = 域名  仅允许

host deny = 域名  仅拒绝

[jj]

comment = local.public

path = /smbshare

valid users = westos    当前共享有效用户

valid users = +westos   当前共享有效用户组

valid users = @westos   当前共享有效用户组

[root@westos mnt]# smbclient //172.25.254.114/jj -U student

Enter student's password:

Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

tree connect failed: NT_STATUS_ACCESS_DENIED

所有用户均可写

服务器

[root@westos mnt]# vim /etc/samba/smb.conf

[jj]

comment = local.public

path = /mnt

writable = yes                是否可写

[root@westos mnt]# setsebool -P samba_export_all_rw on

[root@westos mnt]# chmod o+w /mnt

客机

[root@foundation14 ~]# mount -o username=student,password=westos //172.25.254.114/jj /mnt/  【smb共享目录】                   【smb用户名以及密码】

[root@foundation14 ~]# cd /mnt

[root@foundation14 mnt]# ls

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9  jj

[root@foundation14 mnt]# touch kill

[root@foundation14 mnt]# ls

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9  jj  kill

[root@foundation14 mnt]#

指定用户可写

write list = student        可写用户

write list = +student       可写用户组

write list = @student

admin users = westos      共享超级用户指定

smb多用户挂载

在客机上【不在服务器】

[root@foundation14 ~]# vim /root/westos

username=student

password=westos

[root@foundation14 ~]# chmod 600 /root/westos

[root@foundation14 ~]# yum install cifs-utils -y

[root@foundation14 ~]# mount -o credentials=/root/westos,multiuser,sec=ntlmssp //172.25.254.114/jj /mnt/

credentials=/root/westos 指定挂载时的认证文件

sec=ntlmssp  smb认证方式

multiuser  支持多用户认证

测试

su - kiosk

ls /mnt

[kiosk@foundation14 ~]$ ls /mnt

ls: cannot access /mnt: Permission denied    没有认证无法访问

[kiosk@foundation14 ~]$ cifscreds add -u student 172.25.254.114  认证

Password:

[kiosk@foundation14 ~]$ ls /mnt

file1  file10  file2  file3  file4  file5  file6  file7  file8  file9  jj  kill

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。