******************Theory*****************
Samba:
Free, open-source software that implements file sharing between Linux/Unix systems and Windows systems. It is widely used between Unix-like systems and Windows to provide file and printer sharing, which makes cross-platform resource sharing more convenient.
The Samba service:
Consists of server and client programs and uses the SMB/CIFS network protocol.
The SMB protocol:
The full English name is Server Message Block. The protocol was defined by Microsoft and Intel in 1987, mainly as the communication protocol for Microsoft networks. SMB operates at the session and presentation layers and in a small part of the application layer. It uses the NetBIOS application programming interface (API). It is also an open protocol that allows extensions, which has made it larger and more complex; Microsoft later renamed SMB to CIFS (Common Internet File System) and added many new features.
The NetBIOS protocol:
The full name is Network Basic Input/Output System. It was developed by IBM and is the mechanism Windows uses for host-based communication, mainly on small LANs of a few dozen computers. NetBIOS is a LAN-related network protocol; starting with Windows XP it has been integrated into TCP/IP, so it generally no longer needs to be used on its own.
Differences between DNS and NetBIOS:
Protocol: DNS is based on TCP/IP; NetBIOS is based on the NetBIOS protocol.
Environment: DNS is used on both LANs and WANs; NetBIOS can only be used on a LAN.
Service ports used by Samba:
udp: 137, 138
tcp: 139, 445
Samba has three services:
1. smbd: CIFS, uses ports 139 and 445.
2. nmbd: provides NetBIOS support, uses port 137. (NetBIOS has gradually been replaced by DNS.)
3. winbindd: resolves user and group information for Windows 2003/2008.
winbindd must be installed separately: yum -y install samba-winbind
Note: when Samba is used only for file sharing, only the smbd service is needed.
Samba packages:
Client: samba-client
Server: samba
Service scripts:
/etc/rc.d/init.d/nmb
/etc/rc.d/init.d/smb
Main configuration file:
/etc/samba/smb.conf
Samba users:
Accounts: all are system users, from /etc/passwd.
Passwords: stored in Samba's own password file.
Command for adding a system user as a Samba user: smbpasswd
smbpasswd:
-a: add a system user as a Samba user
-d: disable the specified user
-e: enable
-x: delete
With no option, it changes a Samba user's password.
Samba configuration file:
smb.conf consists of:
Global settings
Settings for specific shares
Home directories
Printers
Custom shares
Custom share:
[shared_name]
path = /path/to/share_directory
comment = Comment String
guest ok = {yes|no}
public = {yes|no}
writable = {yes|no}
read only = {yes|no}
write list = +GROUP_NAME
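Check the configuration file for syntax errors and display the configuration that is finally in effect:
# testparm
Note: share permissions and filesystem permissions are both required. A write succeeds only when both grant write permission.
The setfacl and getfacl commands can be used to grant permissions to users!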
******************Hands-on*****************
Installing and configuring the Samba service:
Environment:
OS: CentOS 6.7 x 2
Windows 7 x 1
IP: 10.68.7.102 -- CentOS 7-102
10.68.7.103 -- CentOS 7-103
10.68.7.80 -- Windows
Lab requirements:
1) The Windows host is the server and a Linux host is the client; the Windows host shares a directory that the Linux host can access.
a. Create two system users, user1 and user2, on the Windows host.
b. Both users log in from the Linux host; user1 may upload and download files, user2 may only read the shared files.
c. Finally, access the shared directory by mounting it.
2) Linux host 7-103 is the server; the Windows host and Linux host 7-102 are the clients.
Create a Samba share of the directory /data with these requirements:
a. The share name is shared and the workgroup is WORKSTATION.
b. Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to the develop group, and the passwords are consistent.
c. Add the Samba users gentoo, centos and ubuntu, each with its user name as the password.
d. Only the develop group has write permission on the Samba share shared; other users have read-only access.
e. The Samba share may be accessed only from hosts on the 10.68.7.0/24 network.
f. Verification must succeed from both the Linux client and the Windows client.
1.1 Install the Samba client software on the Linux client:
[root@7-102 ~]# yum -y install samba-client
[root@7-102 ~]# rpm -qa |grep samba*    # list the installed Samba client packages
samba-winbind-clients-3.6.23-20.el6.x86_64
samba-winbind-3.6.23-20.el6.x86_64
samba-client-3.6.23-20.el6.x86_64
samba-common-3.6.23-20.el6.x86_64
[root@7-102 ~]# rpm -ql samba-client |grep "smbclient"    # smbclient is the client tool
/usr/bin/smbclient
/usr/share/man/man1/smbclient.1.gz
[root@7-102 ~]#
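1.2 Create the shared directory on the Windows server
1. Create the directory to share, test:
2. Create two system users, user1 and user2:
3. Set up sharing:
4. Give user1 read and write permission on the shared directory, i.e. full control; user2 is read-only on the shared directory.
5. Check which workgroup the Windows server belongs to:
1.3 Edit the Samba configuration file on the Linux side: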
[root@7-102 ~]# vim /etc/samba/smb.conf
...
[global]
...
    # Change this to the workgroup the Windows server belongs to.
    workgroup = WORKSTATION
    server string = Samba Server Version %v
1.4 Verify the results:
1. Access the shared data directory test_file interactively from the Linux client:
[root@7-102 ~]# smbclient -L 10.68.7.80 -U user1
Enter user1's password:
Domain=[YANGBIN-PC] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      远程管理
        C$              Disk      默认共享
        IPC$            IPC       远程 IPC
        test_file       Disk
        Users           Disk
session request to 10.68.7.80 failed (Called name not present)
session request to 10 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled -- no workgroup available
[root@7-102 ~]#
2. Log in to the Samba share from the Linux client as user1 and upload the file /etc/fstab:
[root@7-102 ~]# smbclient //10.68.7.80/test_file -U user1
Enter user1's password:
Domain=[YANGBIN-PC] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (393.0 kb/s) (average 393.1 kb/s)
smb: \> ls
  .                                   D        0  Fri Nov 25 05:02:37 2016
  ..                                  D        0  Fri Nov 25 05:02:37 2016
  fstab                               A      805  Fri Nov 25 05:02:37 2016

                51148 blocks of size 2097152. 40843 blocks available
smb: \>
3. On the Windows server, view the fstab file uploaded by user1:
4. As user2, list the share and try to upload a file; a failed upload confirms the setup:
[root@7-102 ~]# smbclient //10.68.7.80/test_file -U user2
Enter user2's password:
Domain=[YANGBIN-PC] OS=[Windows 7 Professional 7601 Service Pack 1] Server=[Windows 7 Professional 6.1]
smb: \> ls
  .                                   D        0  Fri Nov 25 05:02:37 2016
  ..                                  D        0  Fri Nov 25 05:02:37 2016
  fstab                               A      805  Fri Nov 25 05:02:37 2016

                51148 blocks of size 2097152. 40843 blocks available
smb: \> lcd /etc
smb: \> put inittab
NT_STATUS_ACCESS_DENIED opening remote file \inittab    # the upload is refused
smb: \>
1.5 Access the shared directory by mounting it:
[root@7-102 ~]# mkdir /mnt/test
[root@7-102 ~]# mount -t cifs //10.68.7.80/test_file /mnt/test -o username=user1,password=user1
[root@7-102 ~]# df -hT
Filesystem              Type     Size  Used Avail Use% Mounted on
/dev/sda2               ext4      58G  2.9G   52G   6% /
tmpfs                   tmpfs    932M     0  932M   0% /dev/shm
/dev/sda1               ext4     7.5G   53M  7.1G   1% /boot
/dev/sr0                iso9660  3.7G  3.7G     0 100% /media
//10.68.7.80/test_file  cifs     100G   21G   80G  21% /mnt/test
[root@7-102 ~]#
END
2.1 Create the Samba share directory, create the group, and add the users:
[root@7-103 ~]# mkdir -pv /data/shared
mkdir: created directory `/data'
mkdir: created directory `/data/shared'
[root@7-103 ~]# groupadd develop
[root@7-103 ~]# useradd -G develop gentoo    # -G <groups>: supplementary groups the user belongs to
[root@7-103 ~]# useradd -G develop centos
[root@7-103 ~]# useradd ubuntu
[root@7-103 ~]# echo gentoo |passwd --stdin gentoo
Changing password for user gentoo.
passwd: all authentication tokens updated successfully.
[root@7-103 ~]# echo centos |passwd --stdin centos
Changing password for user centos.
passwd: all authentication tokens updated successfully.
[root@7-103 ~]# echo ubuntu |passwd --stdin ubuntu
Changing password for user ubuntu.
passwd: all authentication tokens updated successfully.
2.2 Install the Samba server software on the Linux server:
[root@7-103 ~]# yum -y install samba
[root@7-103 ~]# rpm -qa samba*
samba-winbind-clients-3.6.23-20.el6.x86_64
samba-common-3.6.23-20.el6.x86_64
samba-winbind-3.6.23-20.el6.x86_64
samba-3.6.23-20.el6.x86_64
[root@7-103 ~]#
2.3 Add the Samba users gentoo, centos and ubuntu, each with its user name as the password:
[root@7-103 ~]# smbpasswd -a gentoo
New SMB password:
Interrupted by signal.
[root@7-103 ~]# smbpasswd -a gentoo
New SMB password:
Retype new SMB password:
Added user gentoo.
[root@7-103 ~]# smbpasswd -a centos
New SMB password:
Retype new SMB password:
Added user centos.
[root@7-103 ~]# smbpasswd -a ubuntu
New SMB password:
Retype new SMB password:
Added user ubuntu.
[root@7-103 ~]#
2.4 Edit the Samba configuration file:
[root@7-103 ~]# vim /etc/samba/smb.conf

[global]

    # Set the workgroup to WORKSTATION.
    workgroup = WORKSTATION
    server string = Samba Server Version %v

;   netbios name = MYSERVER

;   interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
    # Only hosts on the 10.68.7.0/24 network may connect.
    hosts allow = 10.68.7.

    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50

    # Security level; user means this server verifies the user name and password.
    security = user
    # Samba user passwords are stored in tdbsam format, which is very secure.
    passdb backend = tdbsam

;   security = domain
;   passdb backend = tdbsam
;   realm = MY_REALM

;   password server = <NT-Server-Name>

;   security = user
;   passdb backend = tdbsam

;   domain master = yes
;   domain logons = yes

    # the login script name depends on the machine name
;   logon script = %m.bat
    # the login script name depends on the unix user used
;   logon script = %u.bat
;   logon path = \\%L\Profiles\%u
    # disables profiles support by specifying an empty path
;   logon path =

;   add user script = /usr/sbin/useradd "%u" -n -g users
;   add group script = /usr/sbin/groupadd "%g"
;   add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;   delete user script = /usr/sbin/userdel "%u"
;   delete user from group script = /usr/sbin/userdel "%u" "%g"
;   delete group script = /usr/sbin/groupdel "%g"

;   local master = no
;   os level = 33
;   preferred master = yes

;   wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes

;   dns proxy = yes

    load printers = yes
    cups options = raw

;   printcap name = /etc/printcap
    # obtain list of printers automatically on SystemV
;   printcap name = lpstat
;   printing = cups

;   map archive = no
;   map hidden = no
;   map read only = no
;   map system = no
;   store dos attributes = yes

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
;   valid users = %S
;   valid users = MYDOMAIN\%S

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

;   [netlogon]
;   comment = Network Logon Service
;   path = /var/lib/samba/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

;   [Profiles]
;   path = /var/lib/samba/profiles
;   browseable = no
;   guest ok = yes

;   [public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = +staff

# Custom share:
[shared]
    comment = shared test file
    path = /data/shared
    writable = yes
    guest ok = yes

Note: for a detailed explanation of the Samba configuration file, see this blog post: http://10166561.blog.51cto.com/10156561/1683136
2.5 Check the configuration file for syntax errors and display the configuration that is finally in effect:
[root@7-103 ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
    workgroup = WORKSTATION
    server string = Samba Server Version %v
    log file = /var/log/samba/log.%m
    max log size = 50
    idmap config * : backend = tdb
    cups options = raw

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    print ok = Yes
    browseable = No

[shared]
    comment = shared test file
    path = /data/shared
    read only = No
    guest ok = Yes
[root@7-103 ~]#
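testparm confirms that the file parses, and the dump it prints is the configuration actually in effect: a parameter that is commented out in smb.conf does not appear in it, and writable = yes is reported as read only = No. The Python code below is an added example, not part of the original article, that checks such a dump against lab requirements d and e; the function names, the constructed sample dump and the three checks are assumptions made for illustration.

```python
# Constructed sample in the format of the testparm dump (modelled on section 2.5).
DUMP = """\
[global]
    workgroup = WORKSTATION
    server string = Samba Server Version %v
[shared]
    comment = shared test file
    path = /data/shared
    read only = No
    guest ok = Yes
"""

def parse_dump(text):
    """Parse testparm output into {section: {parameter: value}}, names lower-cased."""
    conf, sect = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sect = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and sect is not None and line[0] not in "#;":
            key, val = line.split("=", 1)
            sect[" ".join(key.lower().split())] = val.strip()
    return conf

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_share(conf, share, required_hosts):
    """Return findings for one share; an empty list means every check passed."""
    glob, sec = conf.get("global", {}), conf.get(share.lower(), {})
    findings = []
    # A [global] hosts allow applies to every share and overrides a share-level one.
    hosts = glob.get("hosts allow") or sec.get("hosts allow", "")
    if not hosts:
        findings.append("hosts allow is not set: any host may connect")
    elif hosts.replace(",", " ").split() != required_hosts.split():
        findings.append(f"hosts allow is {hosts!r}, expected {required_hosts!r}")
    writable = not is_yes(sec.get("read only", "yes"))  # Samba default: read only
    if is_yes(sec.get("guest ok", "no")):
        kind = "writable" if writable else "read-only"
        findings.append(f"guest ok is enabled on a {kind} share")
    if writable and not sec.get("write list"):
        findings.append("share is writable for every user: writes are limited "
                        "only by filesystem permissions")
    return findings
```

On a live server the input would come from `testparm -s`; the third finding is informational in this lab, because requirement d is enforced through the filesystem ACL set in step 2.7.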
2.6 Start the Samba services:
[root@7-103 ~]# service smb start;service nmb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@7-103 ~]#
2.7 Set the permissions on the shared directory:
[root@7-103 ~]# setfacl -m group:develop:rwx /data/shared
[root@7-103 ~]# setfacl -m user:ubuntu:rx /data/shared
[root@7-103 ~]# ls -ld /data/shared
drwxrwxr-x+ 3 root root 4096 Sep 21 04:55 /data/shared
[root@7-103 ~]#
Note: share permissions and filesystem permissions are both required. A write succeeds only when both grant write permission.
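This note, which also appears in the theory part, is what enforces requirement d in this lab: the share itself is writable for everyone, and the ACL from step 2.7 decides who can actually write. The Python code below is an added example, not from the original article; it evaluates a constructed getfacl listing with the standard POSIX ACL check order, and the function names and the reduction of the share side to its read only flag are assumptions.

```python
# Constructed sample: getfacl output for /data/shared after the ACL changes in 2.7.
GETFACL = """\
# file: data/shared
# owner: root
# group: root
user::rwx
user:ubuntu:r-x
group::r-x
group:develop:rwx
mask::rwx
other::r-x
"""
# Group membership from step 2.1: primary group plus supplementary groups.
MEMBERS = {"gentoo": {"gentoo", "develop"}, "centos": {"centos", "develop"},
           "ubuntu": {"ubuntu"}}

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, name, perms)]) from getfacl output."""
    owner = group = None
    entries = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, name, perms = line.split(":")[:3]
            entries.append((tag, name, set(perms[:3]) - {"-"}))
    return owner, group, entries

def acl_permits(acl, user, groups, want="w"):
    """POSIX ACL check order: owner, named user, matching groups, other."""
    owner, owning_group, entries = acl
    mask = next((p for t, _, p in entries if t == "mask"), set("rwx"))
    if user == owner:
        return want in next(p for t, n, p in entries if t == "user" and not n)
    for t, n, p in entries:
        if t == "user" and n == user:
            return want in (p & mask)  # named users are limited by the mask
    matched = [p & mask for t, n, p in entries
               if t == "group" and (n or owning_group) in groups]
    if matched:  # a matching group entry decides; "other" is not consulted
        return any(want in p for p in matched)
    return want in next(p for t, _, p in entries if t == "other")

def can_write(share_read_only, acl, user):
    """A write needs the share (read only = No) AND the filesystem ACL to agree."""
    return not share_read_only and acl_permits(acl, user, MEMBERS[user], "w")
```

With the share at read only = No, centos and gentoo can write through the develop group entry, while ubuntu is stopped by its own r-x entry, which is why the upload in 2.9 ends in NT_STATUS_ACCESS_DENIED.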
2.8 Interactive access:
[root@7-102 ~]# smbclient -L 10.68.7.103 -U gentoo
Enter gentoo's password:
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]

        Sharename       Type      Comment
        ---------       ----      -------
        shared          Disk      shared test file
        IPC$            IPC       IPC Service (Samba Server Version 3.6.23-20.el6)
        gentoo          Disk      Home Directories
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]

        Server               Comment
        ---------            -------
        7-103                Samba Server Version 3.6.23-20.el6

        Workgroup            Master
        ---------            -------
        WORKSTATION          7-103
[root@7-102 ~]#
2.9 Test results
First, from Linux client 7-102, log in to the Samba service as centos and then as ubuntu; the former can upload files, the latter is read-only:
[root@7-102 ~]# smbclient //10.68.7.103/shared -U centos
Enter centos's password:
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \> ls
  .                                   D        0  Wed Sep 21 01:54:46 2016
  ..                                  D        0  Wed Sep 21 01:54:46 2016

                58930 blocks of size 1048576. 53326 blocks available
smb: \>
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (262.0 kb/s) (average 262.0 kb/s)
smb: \> ls
  .                                   D        0  Wed Sep 21 04:36:45 2016
  ..                                  D        0  Wed Sep 21 01:54:46 2016
  fstab                               A      805  Wed Sep 21 04:36:45 2016

                58930 blocks of size 1048576. 53326 blocks available
smb: \>
[root@7-102 ~]# smbclient //10.68.7.103/shared -U ubuntu
Enter ubuntu's password:
Domain=[WORKSTATION] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \>
smb: \> ls
  .                                   D        0  Wed Sep 21 04:36:45 2016
  ..                                  D        0  Wed Sep 21 01:54:46 2016
  fstab                               A      805  Wed Sep 21 04:36:45 2016

                58930 blocks of size 1048576. 53326 blocks available
smb: \> lcd /etc
smb: \> put inittab
NT_STATUS_ACCESS_DENIED opening remote file \inittab
smb: \>
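Note:
# smbclient //10.68.7.103/shared -U centos    # Give the share name here; it must not include the shared directory's parent directory.
3.0 Verify from the Windows client:
The expected result is that, logged in as gentoo, the shared directory can be accessed and files can be created:
3.1 Logged in as ubuntu, the shared directory can be accessed, but creating a file is refused and only reading is possible:
Verification succeeded!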