samba 服務有2模塊組成
- smb:service message block --------progress:smbd port:445/tcp
- netbios:本地名稱解析 --------progress:nmbd port:137/udp 138/udp 139/tcp
1、服務器安裝
[root@localhost f1]# yum install samba
2、創建用戶
[root@localhost ~]# useradd smbuser #不設置系統登入密碼
[root@localhost ~]# smbpasswd -a smbuser #設置samba登入密碼 -a 是添加 不加是修改 smbpasswd -h
New SMB password:
Retype new SMB password:
Added user smbuser.
#[root@localhost ~]# smbpasswd smbuser #修改密碼
#[root@localhost ~]# smbpasswd -x smbuser #刪除用戶
#所有用戶查看
[root@localhost samba]# pdbedit -L
smbuser:1004:
#顯示單個用戶詳細信息
[root@localhost ~]# pdbedit -u smbuser -v
3、配置文件
[root@localhost f1]# cp /etc/samba/smb.conf{,.bak}
[root@localhost f1]# vim /etc/samba/smb.conf #主要配置gloal部分
[global]
workgroup = SAMBA
server string = Samba Server Version %v
interfaces = ens33 #監聽網卡
hosts allow = 172.16.86. #允許主機可以是網絡或者主機
log file = /var/log/samba/log.%m #日誌
max log size = 50 #日誌滾動大小
security = user #表示用服務器登入驗證表
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No #必須是no,不然可以客戶模式直接登入
writable = no #家目錄寫權限 默認是能寫的 這個跟下面read noly選一樣
inherit acls = Yes
測試參數
[root@localhost samba]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
4、啓動服務
[root@localhost samba]# systemctl start nmb smb
5、客戶端安裝
[root@ns1 ~]# yum install samba-client
5.1 指定用戶查看
[root@ns1 ~]# smbclient -L 172.16.86.210 -U smbuser
Enter SAMBA\smbuser's password: 上述密碼
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba Server Version 4.7.1)
smbuser Disk Home Directories
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
SAMBA LOCALHOST
5.2 指定用戶登入
[root@ns1 ~]# smbclient //172.16.86.210/smbuser -U smbuser
Enter SAMBA\smbuser's password:
Try "help" to get a list of possible commands.
smb: \> #之後操作跟ftp一樣
smb: \> put cekt
putting file cekt as \cekt (56.1 kb/s) (average 56.1 kb/s)
#服務器
[root@localhost samba]# ls /home/smbuser/
.bash_logout .bash_profile .bashrc cekt
5.3 共享目錄
#服務器
[root@localhost samba]# mkdir /sambashared/node1 -pv
[root@localhost samba]# chmod o+w /sambashared/node1 #可以用setfacl方式對指定用戶開放權限 個人絕對這裏都可以寫,在smb中控制具體那些用戶能寫
[root@localhost samba]# vim smb.conf
[node1]
comment = shared node1
path = /sambashared/node1
write list = smbuser,smbuser2
browseable = no #yes 個人賬戶登入會顯示node1 no個人賬戶登入不會顯示node1節點
guest ok = no
[root@localhost samba]# systemctl restart nmb smb
#客戶端
[root@ns1 ~]# smbclient //172.16.86.210/node1 -U smbuser
Enter SAMBA\smbuser's password:
Try "help" to get a list of possible commands.
smb: \> put ks3.cfg
putting file ks3.cfg as \ks3.cfg (480.9 kb/s) (average 481.0 kb/s)
共享目錄另外使用場景
#共享目錄本是爲每個用戶提供一個公共文件目錄。以下是個人對共享目錄的另外一種使用場景
#每個用戶不創建家目錄,只能在公共目錄中訪問,
#在共享目錄下 創建每個用戶的家目錄,屬主用戶,數組smbroot,權限770,公共目錄pub
#這麼設計的好處是smbroot 能管理所有賬號,文件存放位置比較統一,容易管理
[root@localhost ~]# useradd -M smbuser2
[root@localhost ~]# smbpasswd -a smbuser2
[root@localhost node1]# chown smbuser2.root t1
[root@localhost node1]# ll
總用量 8
drwxrwx--- 3 smbuser smbroot 68 5月 21 19:05 smbuser
drwxrwx--- 3 smbuser2 smbroot 68 5月 21 19:05 smbuser2
6、客戶端掛載到本地:
[root@marvin samba]# yum install cifs-utils -y
[root@ns1 ~]# mkdir /mnt/t5
[root@ns1 mnt]# mount -t cifs //172.16.86.210/node1 /mnt/t5 -o username=smbuser,password=zander
[root@ns1 ~]# mount -t cifs //172.16.86.210/node1 /mnt/t5 -o username=smbuser
Password for smbuser@//172.16.86.210/node1: ******
[root@ns1 ~]# cd /mnt/t5
[root@ns1 t5]# ll
total 4
-rwxr--r-- 1 1004 1004 1970 May 21 02:38 ks3.cfg #id
7、掛載用戶信息查看
[root@localhost node1]# smbstatus
Samba version 4.7.1
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
29289 smbuser smbuser 172.16.86.1 (ipv4:172.16.86.1:53772) SMB3_02 - partial(AES-128-CMAC)
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
node1 29289 172.16.86.1 一 5月 21 19時39分50秒 2018 CST - -
Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
29289 1004 DENY_NONE 0x100081 RDONLY NONE /sambashared/node1 . Mon May 21 19:39:53 2018
29289 1004 DENY_NONE 0x100081 RDONLY NONE /sambashared/node1 . Mon May 21 19:39:53 2018