知乎专栏 | 多维度架构 |
apt install samba
/etc/samba/smb.conf 将 Home 目录修改为可写模式
[homes] read only = no
添加用户
sudo smbpasswd -L -a backup
配置共享目录
[backup] path = /opt/backup public = yes writable = yes valid users = backup
服务器端
[root@netkiller ~]# dnf install -y samba [root@netkiller ~]# cp /etc/samba/smb.conf{,.original} [root@netkiller ~]# systemctl enable smb [root@netkiller ~]# systemctl start smb
客户端
[root@netkiller ~]# dnf install -y samba-client
配置防火墙
[root@netkiller ~]# firewall-cmd --permanent --add-service=samba [root@netkiller ~]# firewall-cmd --reload
[root@netkiller ~]# dnf install -y cifs-utils
环境 ubuntu 17.10
$ sudo apt install samba
查看Samba 服务器的端口
neo@shenzhen:~$ sudo netstat -tlnp |grep smb tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4480/smbd tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 4480/smbd neo@shenzhen:~$
# yum -y install samba # service smbd start
smbpasswd
[root@development ~]# sudo smbpasswd -L -a neo
smb.conf
#============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes valid users = %S [developer] comment = Developer Stuff path = /var/www/html public = yes writable = yes printable = no write list = +apache
yum install -y samba cp /etc/samba/smb.conf{,.original} systemctl enable smb systemctl start smb
防火墙
firewall-cmd --permanent --add-port=137/tcp firewall-cmd --permanent --add-port=138/tcp firewall-cmd --permanent --add-port=139/tcp firewall-cmd --permanent --add-port=445/tcp firewall-cmd --permanent --add-port=901/tcp firewall-cmd --reload
iptables -L
security = share|user 共享|用户模式
comment = 描述 valid users = '%S'登录用户,'neo'允许neo访问 read only = 'No'读写模式,'Yes'只读模式 browseable = 'No'不显示, 'Yes'显示
添加账号
[root@netkiller ~]# adduser finance [root@netkiller ~]# smbpasswd -a finance New SMB password: Retype new SMB password: Added user finance.
确认账号正确添加
[root@netkiller ~]# pdbedit -L finance:1000:
创建共享目录
[root@netkiller ~]# mkdir -p /opt/backup/finance [root@netkiller ~]# chown finance:finance /opt/backup/finance
配置 /etc/samba/smb.conf 文件
[finance] comment = Finance Stuff path = /opt/backup/finance browseable = yes writable = yes create mask = 0644 directory mask = 0755 valid users = neo write list = finance
匿名共享无需用户登陆,任何人都可以向该文件夹内写入和删除数据
编辑配置文件 /etc/samba/smb.conf
[global] 下增加 map to guest = Bad User
[global] workgroup = SAMBA security = user passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw map to guest = Bad User
增加 [share] 配置项
[share] comment = File share path = /opt/backup/share browseable = Yes writable = Yes create mask = 0644 directory mask = 0755 guest ok = Yes public = Yes
完成的配置
[root@netkiller home]# cat /etc/samba/smb.conf # See smb.conf.example for a more detailed config file or # read the smb.conf manpage. # Run 'testparm' to verify the config is correct after # you modified it. [global] workgroup = SAMBA security = user passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw map to guest = Bad User [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @printadmin root force group = @printadmin create mask = 0664 directory mask = 0775 [share] comment = File share path = /opt/backup/share browseable = Yes writable = Yes create mask = 0644 directory mask = 0755 guest ok = Yes public = Yes #read only = no #valid users = write list = share
# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = MYGROUP server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No
# smbstatus Samba version 4.1.12 PID Username Group Machine ------------------------------------------------------------------- Service pid machine Connected at ------------------------------------------------------- No locked files
链接共享目录后再次查看
# smbstatus Samba version 4.1.12 PID Username Group Machine ------------------------------------------------------------------- 12507 www www 192.168.4.69 (ipv4:192.168.4.69:65102) Service pid machine Connected at ------------------------------------------------------- www 12507 192.168.4.69 Wed Sep 23 01:34:44 2015 IPC$ 12507 192.168.4.69 Wed Sep 23 01:34:43 2015 Locked files: Pid Uid DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 12507 80 DENY_NONE 0x100081 RDONLY NONE /www SOA Wed Sep 23 02:01:22 2015 12507 80 DENY_NONE 0x100081 RDONLY NONE /www SOA/queue Wed Sep 23 02:01:22 2015 12507 80 DENY_NONE 0x100081 RDONLY NONE /www . Wed Sep 23 01:37:53 2015 12507 80 DENY_NONE 0x100081 RDONLY NONE /www . Wed Sep 23 01:58:22 2015
# smbpasswd -a www New SMB password: Retype new SMB password: Added user www.
<![CDATA[ $ nmblookup -A 172.16.0.5 Looking up status of 172.16.0.5 USER <00> - B <ACTIVE> WORKGROUP <00> - <GROUP> B <ACTIVE> USER <20> - B <ACTIVE> WORKGROUP <1e> - <GROUP> B <ACTIVE> WORKGROUP <1d> - B <ACTIVE> ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE> MAC Address = 00-25-64-A7-18-97
[root@netkiller ~]# dnf install -y cifs-utils
挂载匿名共享目录
[root@netkiller ~]# mount -t cifs //192.168.30.7/share /mnt
或者
[root@netkiller ~]# mount.cifs //192.168.30.7/share /mnt
挂载用户共享目录
[root@netkiller ~]# mount.cifs -o user=developer,password=123456 //192.168.30.7/developer /mnt
[root@netkiller ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Fri Dec 17 08:19:10 2021 # # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. # UUID=ecdc2a0e-e6cf-40bf-83eb-85788baaced3 / xfs defaults 0 0 UUID=3064c079-b411-4992-ac37-6def07de0bfd /boot xfs defaults 0 0 UUID=7FBB-A83B /boot/efi vfat umask=0077,shortname=winnt 0 2 //192.168.30.7/share /mnt/share cifs auto,password= 0 0 //192.168.30.7/developer /mnt/developer cifs auto,username=developer,password=123456 0 0
挂载 /etc/fstab 中的配置项
[root@netkiller ~]# mount -a
sudo apt-get install smbfs
smbmount
$ sudo mkdir /mnt/winfs $ sudo smbmount //172.16.0.92/tmp /mnt/winfs $ ls /mnt/winfs/
使用neo帐号登录
$ sudo smbmount //172.16.0.92/tmp /mnt/winfs -o username=neo
mount
$ mount -t smbfs -o username=jwhittal \\\\172.16.1.3\\c$ /mnt/thumb
linux 不再使用smbfs, 替换为 cifs
$ mount -t cifs //192.168.0.2/ /mnt/
$ sudo apt-get install smbclient
neo@netkiller:~$ smbclient -L 172.16.0.1 Enter neo's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.0] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (netkiller server (Samba, Ubuntu)) www Disk www diretcory print$ Disk Printer Drivers neo Disk Home Directories Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.0] Server Comment --------- ------- DEBIAN debian server NETKILLER netkiller server (Samba, Ubuntu) Workgroup Master --------- ------- WORKGROUP DEBIAN
访问developer共享目录
$ smbclient //localhost/developer Enter neo's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.2] Server not using user level security and no password supplied. smb: \> ls . D 0 Thu Oct 29 02:05:37 2009 .. D 0 Thu Oct 22 05:27:16 2009 ofcard.php 1104 Tue Oct 27 02:00:49 2009 index.html 580 Thu Oct 29 02:05:37 2009 webapps D 0 Wed Oct 28 06:04:08 2009 ecmall D 0 Thu Oct 22 00:00:12 2009 doc D 0 Wed Oct 28 06:04:09 2009 supersite D 0 Thu Oct 22 03:35:08 2009 empire D 0 Thu Oct 22 02:56:12 2009 discuz D 0 Wed Oct 21 22:04:29 2009 resin-data D 0 Wed Oct 28 06:21:02 2009 phpMyAdmin D 0 Sat Oct 24 09:02:29 2009 empirecms6 D 0 Thu Oct 22 04:12:44 2009 ecshop D 0 Wed Oct 21 21:56:40 2009 watchdog-data D 0 Wed Oct 28 06:07:19 2009 ucenter D 0 Wed Oct 21 22:41:58 2009 ecshop.old D 0 Fri Oct 23 11:35:39 2009 magento D 0 Tue Oct 6 19:19:54 2009 weberp D 0 Fri Oct 23 05:21:33 2009 61335 blocks of size 131072. 41655 blocks available smb: \>
使用用户Neo登录
$ smbclient //localhost/developer -U neo Enter neo's password: Domain=[UBUNTU] OS=[Unix] Server=[Samba 3.3.2] smb: \> ls . D 0 Thu Oct 29 03:13:31 2009 .. D 0 Thu Oct 22 05:27:16 2009 ofcard.php 1104 Tue Oct 27 02:00:49 2009 index.html 676 Thu Oct 29 03:13:31 2009 webapps D 0 Wed Oct 28 06:04:08 2009 ecmall D 0 Thu Oct 22 00:00:12 2009 doc D 0 Wed Oct 28 06:04:09 2009 supersite D 0 Thu Oct 22 03:35:08 2009 empire D 0 Thu Oct 22 02:56:12 2009 discuz D 0 Wed Oct 21 22:04:29 2009 resin-data D 0 Wed Oct 28 06:21:02 2009 phpMyAdmin D 0 Sat Oct 24 09:02:29 2009 empirecms6 D 0 Thu Oct 22 04:12:44 2009 ecshop D 0 Wed Oct 21 21:56:40 2009 watchdog-data D 0 Wed Oct 28 06:07:19 2009 ucenter D 0 Wed Oct 21 22:41:58 2009 ecshop.old D 0 Fri Oct 23 11:35:39 2009 magento D 0 Tue Oct 6 19:19:54 2009 weberp D 0 Fri Oct 23 05:21:33 2009 61335 blocks of size 131072. 41654 blocks available smb: \> quit
Backup the /etc/samba/smb.conf file:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original
security = share
[tmp] comment = test writable = yes locking = yes path = /tmp public = yes [neo] comment = neo writable = yes locking = yes path = /home/neo/ public = yes [htdocs] comment = neo writable = yes locking = yes path = /opt/lampp/htdocs public = yes
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original
security = user
add user
sudo useradd -s /bin/true neo sudo smbpasswd -L -a neo
enable
sudo smbpasswd -L -e neo
del user
sudo smbpasswd -L -x neo
测试配置文件是否正确
$ testparm
查看共享目录
$ smbclient -L localhost -N Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.2] Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers developer Disk Development IPC$ IPC IPC Service (ubuntu server (Samba, Ubuntu)) Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.2] Server Comment --------- ------- PRINTSERVER UBUNTU ubuntu server (Samba, Ubuntu) Workgroup Master --------- ------- WORKGROUP PRINTSERVER
Windows 访问测试
C:\>net view \\192.168.3.40 在 \\192.168.3.40 的共享资源 ubuntu server (Samba, Ubuntu) 共享名 类型 使用为 注释 ---------------------------------------------------------- developer Disk Development 命令运行完毕,但发生一个或多个错误。
'/www' does not exist or permission denied when connecting to [www] Error was Permission denied [2010/05/17 17:26:08, 0] smbd/service.c:make_connection_snum(1013) '/www' does not exist or permission denied when connecting to [www] Error was Permission denied [2010/05/17 17:26:08, 0] smbd/service.c:make_connection_snum(1013) '/www' does not exist or permission denied when connecting to [www] Error was Permission denied [2010/05/17 17:26:11, 0] smbd/service.c:make_connection_snum(1013) '/www' does not exist or permission denied when connecting to [www] Error was Permission denied [2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013) '/www' does not exist or permission denied when connecting to [www] Error was Permission denied [2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013) '/www' does not exist or permission denied when connecting to [www] Error was Permission denied [2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013) '/www' does not exist or permission denied when connecting to [www] Error was Permission denied [2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013) '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
关闭 SELinux