62.2. Samba

62.2.1. install Debian 12

apt install samba			

/etc/samba/smb.conf 将 Home 目录修改为可写模式

   read only = no			


sudo smbpasswd -L -a backup


	path = /opt/backup
    public = yes
    writable = yes
	valid users = backup

CentOS 8 Stream / Rocky Linux 9.2


[root@netkiller ~]# dnf install -y samba	
[root@netkiller ~]# cp /etc/samba/smb.conf{,.original}
[root@netkiller ~]# systemctl enable smb
[root@netkiller ~]# systemctl start smb		


[root@netkiller ~]# dnf install -y samba-client			


[root@netkiller ~]# firewall-cmd --permanent --add-service=samba
[root@netkiller ~]# firewall-cmd --reload

[root@netkiller ~]# dnf install -y cifs-utils

Ubuntu

环境 ubuntu 17.10

$ sudo apt install samba

查看Samba 服务器的端口

neo@shenzhen:~$ sudo netstat -tlnp |grep smb
tcp        0      0   *               LISTEN     4480/smbd
tcp        0      0   *               LISTEN     4480/smbd
neo@shenzhen:~$

CentOS 6

# yum -y install samba
# service smbd start


[root@development ~]# sudo smbpasswd -L -a neo		


#============================ Share Definitions ==============================

        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S

        comment = Developer Stuff
        path = /var/www/html
        public = yes
        writable = yes
        printable = no
        write list = +apache

CentOS 7

yum install -y samba

cp /etc/samba/smb.conf{,.original}

systemctl enable smb
systemctl start smb

firewall


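# Open only the ports the Samba daemons actually listen on.
# NetBIOS name service (137) and datagram service (138) are UDP and are
# served by nmbd; NetBIOS session service (139) and SMB over TCP (445) are
# TCP and are served by smbd. Opening 137/138 as TCP would leave name
# resolution and browsing blocked.
firewall-cmd --permanent --add-port=137/udp
firewall-cmd --permanent --add-port=138/udp
firewall-cmd --permanent --add-port=139/tcp
firewall-cmd --permanent --add-port=445/tcp
# 901/tcp is the SWAT web administration port. SWAT was removed in Samba 4.1,
# so the port stays closed here; open it only if a SWAT instance is really in use.
# firewall-cmd --permanent --add-port=901/tcp

# Load the permanent rules into the running firewall.
firewall-cmd --reload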

iptables -L

SELinux Configuration

setsebool -P samba_enable_home_dirs on
chcon -t samba_share_t /home/samba

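/home/samba 改为你共享的目录。注意:chcon 设置的标签在文件系统重新打标签(relabel)或执行 restorecon 后会丢失;需要持久生效时,可用 semanage fcontext -a -t samba_share_t "/home/samba(/.*)?" 登记规则,再执行 restorecon -R /home/samba。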

62.2.2. smb.conf

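security = share|user 共享|用户模式

注意:security = share 已在 Samba 4.0 中移除,只适用于旧的 3.x 版本;新版本使用 security = user,匿名访问通过 map to guest 与 guest ok 实现。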

comment = 描述
valid users = '%S'登录用户,'neo'允许neo访问
read only = 'No'读写模式,'Yes'只读模式
browseable = 'No'不显示, 'Yes'显示

Security consideration

interfaces = lo, eth0
bind interfaces only = true

共享目录


[root@netkiller ~]# adduser finance
[root@netkiller ~]# smbpasswd -a finance
New SMB password:
Retype new SMB password:
Added user finance.


[root@netkiller ~]# pdbedit -L


[root@netkiller ~]# mkdir -p /opt/backup/finance
[root@netkiller ~]# chown finance:finance  /opt/backup/finance

配置 /etc/samba/smb.conf 文件

        comment = Finance Stuff
        path = /opt/backup/finance
        browseable = yes
        writable = yes
        create mask = 0644
		directory mask = 0755
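		valid users = neo
        write list = finance

注意:valid users 只列出了 neo,而目录属主和 write list 用的是 finance;不在 valid users 中的用户无法连接该共享,请确认 valid users 是否应包含 finance。

匿名共享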


编辑配置文件 /etc/samba/smb.conf

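[global] 下增加 map to guest = Bad User。该设置会把不存在的用户名映射为 guest 账户,无需密码即可访问所有 guest ok = Yes 的共享,因此匿名共享只应放置可公开的数据,并结合 hosts allow 或防火墙限制来源网段。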

	workgroup = SAMBA
	security = user

	passdb backend = tdbsam

	printing = cups
	printcap name = cups
	load printers = yes
	cups options = raw
	map to guest = Bad User 			

增加 [share] 配置项

        comment = File share
        path = /opt/backup/share
        browseable = Yes
        writable = Yes
        create mask = 0644
        directory mask = 0755
		guest ok = Yes 
		public = Yes			


[root@netkiller home]# cat /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

	workgroup = SAMBA
	security = user

	passdb backend = tdbsam

	printing = cups
	printcap name = cups
	load printers = yes
	cups options = raw
	map to guest = Bad User  

	comment = Home Directories
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	inherit acls = Yes

	comment = All Printers
	path = /var/tmp
	printable = Yes
	create mask = 0600
	browseable = No

	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @printadmin root
	force group = @printadmin
	create mask = 0664
	directory mask = 0775

        comment = File share
        path = /opt/backup/share
        browseable = Yes
        writable = Yes
        create mask = 0644
        directory mask = 0755
		guest ok = Yes 
		public = Yes
		#read only = no
        #valid users = 
        write list = share

限制IP地址访问

# 禁止IP 及 192.168.10.* 段IP访问(smb.conf 的注释必须独占一行,写在参数行尾会被当作参数值的一部分)
hosts deny= 192.168.10.

62.2.3. Samba 相关命令

testparm - check an smb.conf configuration file for internal correctness

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Press enter to see a dump of your service definitions

	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	idmap config * : backend = tdb
	cups options = raw

	comment = Home Directories
	read only = No
	browseable = No

	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No

smbstatus - report on current Samba connections

# smbstatus 

Samba version 4.1.12
PID     Username      Group         Machine                        

Service      pid     machine       Connected at

No locked files


# smbstatus 

Samba version 4.1.12
PID     Username      Group         Machine                        
12507     www           www  (ipv4:

Service      pid     machine       Connected at
www          12507  Wed Sep 23 01:34:44 2015
IPC$         12507  Wed Sep 23 01:34:43 2015

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
12507        80         DENY_NONE  0x100081    RDONLY     NONE             /www   SOA   Wed Sep 23 02:01:22 2015
12507        80         DENY_NONE  0x100081    RDONLY     NONE             /www   SOA/queue   Wed Sep 23 02:01:22 2015
12507        80         DENY_NONE  0x100081    RDONLY     NONE             /www   .   Wed Sep 23 01:37:53 2015
12507        80         DENY_NONE  0x100081    RDONLY     NONE             /www   .   Wed Sep 23 01:58:22 2015

smbpasswd - change a user's SMB password

# smbpasswd -a www
New SMB password:
Retype new SMB password:
Added user www.

nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names

$ nmblookup -A
Looking up status of
        USER            <00> -         B <ACTIVE>
        WORKGROUP       <00> - <GROUP> B <ACTIVE>
        USER            <20> -         B <ACTIVE>
        WORKGROUP       <1e> - <GROUP> B <ACTIVE>
        WORKGROUP       <1d> -         B <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>

        MAC Address = 00-25-64-A7-18-97

[root@netkiller ~]# dnf install -y cifs-utils			


[root@netkiller ~]# mount -t cifs // /mnt


[root@netkiller ~]# mount.cifs // /mnt			


[root@netkiller ~]# mount.cifs -o user=developer,password=123456 // /mnt
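/etc/fstab 配置

注意:写在命令行上的 password= 会出现在 shell 历史和进程列表中,/etc/fstab 默认所有用户可读,直接写入口令会泄露;建议改用 credentials=<凭据文件路径> 选项,并把该文件设为仅 root 可读(chmod 600)。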
[root@netkiller ~]# cat /etc/fstab 

# /etc/fstab
# Created by anaconda on Fri Dec 17 08:19:10 2021
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
UUID=ecdc2a0e-e6cf-40bf-83eb-85788baaced3 /                       xfs     defaults        0 0
UUID=3064c079-b411-4992-ac37-6def07de0bfd /boot                   xfs     defaults        0 0
UUID=7FBB-A83B          /boot/efi               vfat    umask=0077,shortname=winnt 0 2
//		/mnt/share		cifs	auto,password=				0 0
//	/mnt/developer	cifs	auto,username=developer,password=123456 0 0				

挂载 /etc/fstab 中的配置项

[root@netkiller ~]# mount -a				
sudo apt-get install smbfs


$ sudo mkdir /mnt/winfs
$ sudo smbmount // /mnt/winfs
$ ls /mnt/winfs/


$ sudo smbmount // /mnt/winfs -o username=neo


$ mount -t smbfs -o username=jwhittal \\\\\\c$ /mnt/thumb

linux 不再使用smbfs, 替换为 cifs

$ mount -t cifs // /mnt/
	 smbclient - ftp-like client to access SMB/CIFS resources on servers

$ sudo apt-get install smbclient
$ smbclient -L
neo@netkiller:~$ smbclient -L
Enter neo's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.0]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (netkiller server (Samba, Ubuntu))
        www             Disk      www diretcory
        print$          Disk      Printer Drivers
        neo             Disk      Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.0]

        Server               Comment
        ---------            -------
        DEBIAN               debian server
        NETKILLER            netkiller server (Samba, Ubuntu)

        Workgroup            Master
        ---------            -------
        WORKGROUP            DEBIAN


$ smbclient //localhost/developer

Enter neo's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.2]
Server not using user level security and no password supplied.
smb: \> ls
  .                                   D        0  Thu Oct 29 02:05:37 2009
  ..                                  D        0  Thu Oct 22 05:27:16 2009
  ofcard.php                                1104  Tue Oct 27 02:00:49 2009
  index.html                                 580  Thu Oct 29 02:05:37 2009
  webapps                             D        0  Wed Oct 28 06:04:08 2009
  ecmall                              D        0  Thu Oct 22 00:00:12 2009
  doc                                 D        0  Wed Oct 28 06:04:09 2009
  supersite                           D        0  Thu Oct 22 03:35:08 2009
  empire                              D        0  Thu Oct 22 02:56:12 2009
  discuz                              D        0  Wed Oct 21 22:04:29 2009
  resin-data                          D        0  Wed Oct 28 06:21:02 2009
  phpMyAdmin                          D        0  Sat Oct 24 09:02:29 2009
  empirecms6                          D        0  Thu Oct 22 04:12:44 2009
  ecshop                              D        0  Wed Oct 21 21:56:40 2009
  watchdog-data                       D        0  Wed Oct 28 06:07:19 2009
  ucenter                             D        0  Wed Oct 21 22:41:58 2009
  ecshop.old                          D        0  Fri Oct 23 11:35:39 2009
  magento                             D        0  Tue Oct  6 19:19:54 2009
  weberp                              D        0  Fri Oct 23 05:21:33 2009

                61335 blocks of size 131072. 41655 blocks available
smb: \>


$ smbclient //localhost/developer -U neo

Enter neo's password:
Domain=[UBUNTU] OS=[Unix] Server=[Samba 3.3.2]
smb: \> ls
  .                                   D        0  Thu Oct 29 03:13:31 2009
  ..                                  D        0  Thu Oct 22 05:27:16 2009
  ofcard.php                                1104  Tue Oct 27 02:00:49 2009
  index.html                                 676  Thu Oct 29 03:13:31 2009
  webapps                             D        0  Wed Oct 28 06:04:08 2009
  ecmall                              D        0  Thu Oct 22 00:00:12 2009
  doc                                 D        0  Wed Oct 28 06:04:09 2009
  supersite                           D        0  Thu Oct 22 03:35:08 2009
  empire                              D        0  Thu Oct 22 02:56:12 2009
  discuz                              D        0  Wed Oct 21 22:04:29 2009
  resin-data                          D        0  Wed Oct 28 06:21:02 2009
  phpMyAdmin                          D        0  Sat Oct 24 09:02:29 2009
  empirecms6                          D        0  Thu Oct 22 04:12:44 2009
  ecshop                              D        0  Wed Oct 21 21:56:40 2009
  watchdog-data                       D        0  Wed Oct 28 06:07:19 2009
  ucenter                             D        0  Wed Oct 21 22:41:58 2009
  ecshop.old                          D        0  Fri Oct 23 11:35:39 2009
  magento                             D        0  Tue Oct  6 19:19:54 2009
  weberp                              D        0  Fri Oct 23 05:21:33 2009

                61335 blocks of size 131072. 41654 blocks available
smb: \> quit

smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives

by Example

Backup the /etc/samba/smb.conf file:

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original

security = share

   comment = test
   writable = yes
   locking = yes
   path = /tmp
   public = yes

   comment = neo
   writable = yes
   locking = yes
   path = /home/neo/
   public = yes

   comment = neo
   writable = yes
   locking = yes
   path = /opt/lampp/htdocs
   public = yes

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original
security = user

add user

sudo useradd -s /bin/true neo
sudo smbpasswd -L -a neo


sudo smbpasswd -L -e neo

del user

sudo smbpasswd -L -x neo


$ testparm


$ smbclient -L localhost -N

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.2]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        developer       Disk      Development
        IPC$            IPC       IPC Service (ubuntu server (Samba, Ubuntu))
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.2]

        Server               Comment
        ---------            -------
        UBUNTU               ubuntu server (Samba, Ubuntu)

        Workgroup            Master
        ---------            -------
        WORKGROUP            PRINTSERVER


Windows 访问测试

C:\>net view \\
在 \\ 的共享资源

ubuntu server (Samba, Ubuntu)

共享名     类型  使用为  注释

developer  Disk  Development

62.2.4. FAQ

smbd/service.c:make_connection_snum(1013)

  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
[2010/05/17 17:26:08, 0] smbd/service.c:make_connection_snum(1013)
  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
[2010/05/17 17:26:08, 0] smbd/service.c:make_connection_snum(1013)
  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
[2010/05/17 17:26:11, 0] smbd/service.c:make_connection_snum(1013)
  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
  '/www' does not exist or permission denied when connecting to [www] Error was Permission denied

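关闭 SELinux 可以消除该错误,但会同时去掉整台主机的强制访问控制;更稳妥的做法是保持 SELinux 开启,按前文 SELinux Configuration 一节用 chcon -t samba_share_t 给共享目录(此处为 /www)打标签,并检查目录的文件系统权限。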