• CentOS下Samba文件服务器的安装与配置


    前言:文件服务器提供的服务在大多数公司或企业都会被用到,因为在任何的公司或企业都涉及不同职位获取不同资源文件的情况,这就需要根据不同职位配置相关的不同权限,以保证相关资源文件的安全性和保密性。

    一、Samba介绍:

            Server Message Block的缩写是SMB,即服务器消息块,SMB主要是作为Microsoft的网络通讯协议。Samba将SMB通信协议应用到了Linux系统上,使得Samba成为一款能让Linux系统应用Microsoft网络通讯协议的软件。Samba最大的功能可用于Linux与windows系统直接的文件共享和打印共享,Samba既可用于windows与Linux之间的文件共享,也可用于Linux与Linux之间的资源共享,由于NFS的出现,因而 Samba更多用在Linux与windows之间的数据共享上面。

      SMB是基于客户机/服务器型的协议,故一台Samba服务器既可当文件共享服务器,也可充Samba的客户端。Samba在windows下使用的是NetBIOS协议,如果你要使用Linux下共享出来的文件,请确认你的windows系统下是否安装了NetBIOS协议。

      组成Samba运行的有两个服务,一个是SMB,另一个是NMB;SMB是Samba 的核心启动服务,主要负责建立Samba服务器与Samba客户机之间的对话,验证用户身份并提供对文件和打印系统的访问,只有SMB服务启动,才能实现文件的共享,监听139 TCP端口;而NMB服务是负责解析用的,类似与DNS实现的功能,NMB可以把Linux系统共享的工作组名称与其IP对应起来,如果NMB服务没有启动,就只能通过IP来访问共享文件,监听137和138 UDP端口。         Samba服务器可实现如下功能:

             A、WINS和DNS服务;

             B、网络浏览服务;

             C、Linux和Windows域之间的认证和授权;

             D、UNICODE字符集和域名映射;

             E、满足CIFS协议的UNIX共享等。

    二、环境准备:

             1、CentOS 6.3版本(32位),主机名:samba;

             2、IP地址:192.168.31.131;

             3、虚拟机:VMware® Workstation 9.0.0 build-812388;

             4、samba软件:samba-3.6.9-167.el6_5.i686;

             5、工作组:Lmzsamba。

    三、安装软件:

             A、安装前的准备工作:

                    SELINUX=disabled

                    关闭防火墙:service iptables stop

             B、执行如下命令安装samba:

                    [root@samba ~]# yum install samba samba-client samba-swat

             C、检查samba是否安装成功:               

                    [root@samba ~]# rpm -qa | grep samba

                    如果显示有如下一些信息,则说明安装没有问题:

                    samba-client-3.6.9-167.el6_5.i686

                    samba-3.6.9-167.el6_5.i686

                    samba-common-3.6.9-167.el6_5.i686

                    samba-winbind-3.6.9-167.el6_5.i686

                    samba-swat-3.6.9-167.el6_5.i686

                    samba-winbind-clients-3.6.9-167.el6_5.i686

             D、启动samba服务及状态检查:

                    [root@samba ~]# /etc/init.d/smb start

                    显示结果:

                    Starting SMB services:                                     [  OK  ]

                    状态检查:

                    [root@samba ~]# service smb status

                    显示结果:

                    smbd (pid  2462) is running...

             E、设置开机自启动,并查看是否设置成功:               

                    [root@samba ~]# chkconfig --level 35 smb on

                    检查是否成功:

                    [root@samba ~]# chkconfig --list | grep smb

                    结果显示如红色部分(在3、5级别上自动运行samba服务),则表示设置成功:

                    smb             0:off   1:off   2:off   3:on    4:off   5:on    6:off

    四、服务配置:

             Samba服务配置主要是指/etc/samba/smb.conf文件的配置。一般情况下,公司或企业主要分三种情况,即:

            1、公共匿名类共享目录的配置(即匿名账户访问共同的目录或者文件);

                  A、配置文件:

                         [root@samba ~]# vi /etc/samba/smb.conf        

                         在文件中添加或者修改相关代码:

                         workgroup = WORKGROUP                                                //定义工作组,也就是windows中的工作组概念

                         server string = Lmz Samba Server Version %v              //定义Samba服务器的简要说明                     

                         netbios name = LmzSamba                                               //定义windows中显示出来的计算机名称

     

                         //定义Samba用户的日志文件,%m代表客户端主机名

                         //Samba服务器会在指定的目录中为每个登陆主机建立不同的日志文件

                         log file = /var/log/samba/log.%m

     

                         security = share                                                          //共享级别,用户不需要账号和密码即可访问

                        

                         [public]                                                                         //设置针对的是共享目录个别的设置,只对当前的共享资源起作用

                                     comment = Public Stuff                                 //对共享目录的说明文件,自己可以定义说明信息

                                     path = /share                                                   //用来指定共享的目录,必选项

                                     public = yes                                                     //所有人可查看,等效于guest ok = yes                         

                  B、建立共享目录:

                         [root@samba ~]# cd ..

                         [root@samba /]# mkdir share

                         [root@samba /]# cd share

                         [root@samba share]# touch samba.txt

                         [root@samba share]# touch aa.txt                    

                         [root@samba share]# ls -ls

                         显示结果:

                         total 0

                         0 -rw-r--r--. 1 root root 0 Mar 13 11:02 aa.txt

                         0 -rw-r--r--. 1 root root 0 Mar 13 11:02 samba.txt

                         为/share目录给匿名用户授权为nobody权限:

                         [root@samba /]# chown -R nobody:nobody share/

                         [root@samba /]# ll /share/

                         total 0

                         -rw-r--r--. 1 nobody nobody 0 Mar 13 11:02 aa.txt

                         -rw-r--r--. 1 nobody nobody 0 Mar 13 11:02 samba.txt

                  C、重启smb服务:

                         [root@samba /]# /etc/init.d/smb restart

                         Shutting down SMB services:                                [  OK  ]

                         Starting SMB services:                                            [  OK  ]

                         [root@samba /]# /etc/init.d/nmb restart

                         Shutting down NMB services:                                [FAILED]

                         Starting NMB services:                                            [  OK  ]

                  D、测试smb.conf配置是否正确:                    

                         [root@samba /]# testparm

                         显示结果:

                         Load smb config files from /etc/samba/smb.conf

                         rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

                         Processing section "[homes]"

                         Processing section "[printers]"

                         Processing section "[public]"

                         WARNING: The security=share option is deprecated

                         Loaded services file OK.

                         Server role: ROLE_STANDALONE

                         Press enter to see a dump of your service definitions

                         [global]

                                      netbios name = LMZSAMBA

                                      server string = Lmz Samba Server Version %v

                                      security = SHARE

                                      log file = /var/log/samba/log.%m

                                      max log size = 50

                                      idmap config * : backend = tdb

                                      cups options = raw

                         [homes]

                                      comment = Home Directories

                                      read only = No

                                      browseable = No

                         [printers]

                                      comment = All Printers

                                      path = /var/spool/samba

                                      printable = Yes

                                      print ok = Yes

                                      browseable = No

                         [public]

                                      comment = Public Stuff

                                      path = /share

                                      guest ok = Yes

                  E、访问Samba服务器的共享文件:   

                         E1:CentOS系统下测试:                  

                         [root@samba /]# smbclient //127.0.0.1/public

                         显示结果:

                         WARNING: The security=share option is deprecated

                         Enter root's password:

                         由于是匿名用户,没有设置密码,所以在此直接回车即可:

                         Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

                         Server not using user level security and no password supplied.

                         smb: >

                         在此输入 ls 命令,回车得到如下信息:

                         smb: > ls

                                           .                                   D        0  Thu Mar 13 11:02:47 2014

                                           ..                                 DR        0  Thu Mar 13 11:13:53 2014

                                           aa.txt                                       0  Thu Mar 13 11:02:47 2014

                                           samba.txt                                    0  Thu Mar 13 11:02:37 2014

                                                      35755 blocks of size 524288. 29202 blocks available

                         smb: >

                         在此输入 q 命令,退出访问。

                         E2:window xp系统下测试,结果如图:

                         

                         从图中可以看出,公共目录共享成功。

             2、按照权限对目录进行分组(即除公共共享目录外,各组访问各组的文件或目录,以技术部门TS为例);

                   A、添加TS部组和用户,并赋给用户密码:  

                         [root@samba ~]# groupadd ts

                         [root@samba ~]# useradd -g ts zhangsan

                         [root@samba ~]# useradd -g ts lisi

                         设置lisi的密码:

                         [root@samba ~]# passwd lisi

                         显示结果:

                         Changing password for user lisi.

                         New password:

                         在此输入密码:123456,回车:

                         BAD PASSWORD: it is too short

                         BAD PASSWORD: is too simple

                         Retype new password:

                         再次输入密码:123456,回车:

                         passwd: all authentication tokens updated successfully.

                         设置zhangsan的密码:

                         [root@samba ~]# passwd zhangsan

                         显示结果:

                         Changing password for user zhangsan.

                         New password:

                         在此输入密码:123456,回车:

                         BAD PASSWORD: it is too short

                         BAD PASSWORD: is too simple

                         Retype new password:

                         再次输入密码:123456,回车:

                         passwd: all authentication tokens updated successfully.

                   B、在根目录下建立/ts 文件夹:  

                         [root@samba ~]# cd /

                         [root@samba /]# mkdir ts

                         [root@samba /]# cd ts

                         [root@samba ts]# touch ts.txt

                         [root@samba ts]# ls -ls

                         total 0

                         0 -rw-r--r-- 1 root root 0 Mar 13 18:17 ts.txt

                   C、将建立的两个帐户(lisi、zhangsan)添加到samba的账户中:  

                         [root@samba ~]# smbpasswd -a zhangsan

                         New SMB password:

                         Retype new SMB password:

                         Added user zhangsan.

                         [root@samba ~]# smbpasswd -a lisi

                         New SMB password:

                         Retype new SMB password:

                         Added user lisi.

                   D、修改主配置文件如下:  

                         [root@samba ~]# vi /etc/samba/smb.conf

                         修改security:

                         security = user                         //共享级别,用户不需要账号和密码即可访问

                         添加信息:

                         [ts]

                             comment = TS

                             path = /ts

                             valid users = @ts

                   E、重新加载samba服务:

                         [root@samba ~]# service smb reload

                         显示结果:

                         Reloading smb.conf file:                                   [  OK  ]

                   F、在window xp下测试:

                         打开我的电脑,在地址栏中输入\192.168.31.131,弹出用户登陆框,如图所示: 

                          

                         在图中输入用户名:lisi,密码:123456,登陆成功后,可以看到相应的目录,包括lisi自己的目录、匿名公共目录、lisi与zhangsan共享的非匿名目录。如下图所示:

                          

                         从图中可以看到,达到我们相要的预期效果。

             3、共享目录下的不同目录进行分组。

                   需求:1. 在系统分区时单独分一个Company的区,在该区下有以下几个文件夹:HR、 FM和Share。在Share下又有以下几个文件夹:HR、FM和Tools。

                               2. 各部门对应的文件夹由各部门自己管理,Tools文件夹由管理员维护。

                               3. HR管理员账号:hradmin;普通用户账号:hruser。FM管理员账号:fmadmin;普通用户账号:fmuser。

                   A、新建用户,并设置SMB账户密码:

                          添加用户:

                          [root@samba ~]# useradd -s /sbin/nologin hradmin

                          [root@samba ~]# useradd -g hradmin -s /sbin/nologin hruser

                          [root@samba ~]# useradd -s /sbin/nologin fmadmin

                          [root@samba ~]# useradd -g hradmin -s /sbin/nologin fmuser

                          [root@samba ~]# useradd -s /sbin/nologin admin

                          设置密码:

                          [root@samba ~]# smbpasswd -a hradmin

                          New SMB password:

                          Retype new SMB password:

                          Added user hradmin.

                          [root@samba ~]# smbpasswd -a hruser

                          New SMB password:

                          Retype new SMB password:

                          Added user hruser.

                          [root@samba ~]# smbpasswd -a fmadmin

                          New SMB password:

                          Retype new SMB password:

                          Added user fmadmin.

                          [root@samba ~]# smbpasswd -a fmuser

                          New SMB password:

                          Retype new SMB password:

                          Added user fmuser.

                          [root@samba ~]# smbpasswd -a admin

                          New SMB password:

                          Retype new SMB password:

                          Added user admin.

                          为了方便记忆,在配置的时候,统一设置为:123456。

                   B、新建目录:

                         [root@samba ~]# cd /

                         [root@samba /]# mkdir company

                         [root@samba /]# cd company

                         [root@samba company]# mkdir HR FM Share

                         [root@samba company]# cd Share

                         [root@samba Share]# mkdir HR FM Tools

                   C、更改目录属性:

                         [root@samba company]# chown hradmin.hradmin HR

                         [root@samba company]# chown fmadmin.fmadmin FM

                         [root@samba company]# chown admin.admin Share

                         [root@samba company]# cd Share

                         [root@samba Share]# chown hradmin.hradmin HR

                         [root@samba Share]# chown fmadmin.fmadmin FM

                         [root@samba Share]# chown admin.admin Tools

                         [root@samba Share]# chmod 1775 HR FM

                   D、修改主配置文件如下

                         security = user

                         passdb backend = tdbsam

                         [HR]

                              comment = This is a directory of HR.

                              path = /company/HR/

                              public = no

                              admin users = hradmin

                              valid users = @hradmin

                              writable = yes

                              create mask = 0750

                              directory mask = 0750

                         [FM]

                             comment = This is a directory of FM.

                             path = /company/FM/

                             public = no

                             admin users = fmadmin

                             valid users = @fmadmin

                             writable = yes

                             create mask = 0750

                             directory mask = 0750

                       [Share]

                             comment = This is a share directory.

                             path = /company/Share/

                             public = no

                             valid users = admin,@hradmin,@fmadmin

                             writable = yes

                             create mask = 0755

                             directory mask = 0755

                   E、重新启动samba服务:

                         [root@samba Share]# /etc/init.d/smb restart

                         Shutting down SMB services:                                [  OK  ]

                         Starting SMB services:                                            [  OK  ]

                         [root@samba Share]# /etc/init.d/nmb restart

                         Shutting down NMB services:                                [  OK  ]

                         Starting NMB services:                                            [  OK  ]

                   F、在window xp系统下测试:

                         打开我的电脑,在地址栏中输入\192.168.31.131,弹出用户登陆框,如图所示:

                          

                         在图中输入用户名:hradmin,密码:123456,可以看到相应的共享目录,如下图所示:

                          

                         测试完毕。

             4、设置网络映射驱动器,可以在计算中添加一个类似盘符文件夹,这样就比较方便,如下图所示:

                    

             5、如果网络断不开,出现下面的情况,如下图所示:

                    

                    可以采用如下图的形式解决问题即可:

                    

  • 相关阅读:
    iOS 的 Block 的使用
    iOS 的Could not find Developer Disk Image错误
    iOS 面试
    iOS 开发工具——统计Crash的工具Crashlytics
    iOS 的 Foundation 框架
    iOS 页面之间的传值总结
    iOS 常用四种数据存储方式
    iOS 的 Delegate Notification KVO
    iOS 的 Delegate 设计模式 及 自定义代理
    iOS 的 NSNumber(对基本数据类型) & NSValue(对结构体) 的装箱
  • 原文地址:https://www.cnblogs.com/webnote/p/5741787.html
Copyright © 2020-2023  润新知