一、Samba
Samba是SMB的一種實作方法,主要用來實作Linux系統的檔案和列印服務。Linux使用者通過配置使用Samba伺服器可以實作與Windows
使用者的資源共享。守護程序smbd和nmbd是Samba的核心,在全部時間内運作。nmbd程式使得通過企圖計算機可以浏覽Linux伺服器。
1、Samba的安裝
我們隻通過yum安裝
[root@Samba ~]# yum install -y samba
2、Samba配置
[root@Samba ~]# vim /etc/samba/smb.conf
# Samba的全局配置
#======================= Global Settings =====================================
[global]
# 網絡的相關選項
# ----------------------- Network Related Options -------------------------
workgroup = WORKGROUP
server string = Samba Server Version %v
; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
# 日志選項
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/log.%m
max log size = 50
# 獨立伺服器選項
# ----------------------- Standalone Server Options ------------------------
; security = user
; passdb backend = tdbsam
# 域成員選項
# ----------------------- Domain Members Options ------------------------
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; password server = <NT-Server-Name>
# 域控制選項
# ----------------------- Domain Controller Options ------------------------
; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
; logon path =
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
# 浏覽器控制選項
# ----------------------- Browser Control Options ----------------------------
; local master = no
; os level = 33
; preferred master = yes
# 名字解析
#----------------------------- Name Resolution -------------------------------
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
# 列印選項
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
# 檔案系統選項
# --------------------------- Filesystem Options ---------------------------
; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes
# 定義共享選項
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
案例一:不需密碼的分享 (security = share, 純測試)
# 編輯Samba配置
[root@Samba ~]# vim /etc/samba/smb.conf
[global]
# workgroup 修改為 windows同一工作組
workgroup = WORKGROUP
server string = Samba Server Version %v
.......................................................
# 共享模式有user,share,server,domain
# security = user #這裡指定samba的安全等級。關于安全等級有四種:
# share:使用者不需要賬戶及密碼即可登入samba伺服器
# user:由提供服務的samba伺服器負責檢查賬戶及密碼(預設)
# server:檢查賬戶及密碼的工作由另一台windows或samba伺服器負責
# domain:指定windows域控制伺服器來驗證使用者的賬戶及密碼。
security = user 改為 security = share
.......................................................
# 共享子產品的配置
[homes]
comment = Home Directories
# 共享的位址
path = /data/samba
browseable = yes
public = yes
writable = no
# 建立共享目錄
[root@samba ~]# mkdir -p /data/samba
[root@samba ~]# chmod 777 !$
chmod 777 /data/samba
# 對smb配置檢測
[root@samba ~]# testparm -v
# 啟動samba服務
[root@samba ~]# /etc/init.d/smb start
啟動 SMB 服務: [确定]
# 設定開機啟動
[root@samba ~]# chkconfig --list |grep smb
smb 0:關閉 1:關閉 2:關閉 3:關閉 4:關閉 5:關閉 6:關閉
[root@samba ~]# chkconfig --level 3 smb on
[root@samba ~]# chkconfig --list |grep smb
smb 0:關閉 1:關閉 2:關閉 3:啟用 4:關閉 5:關閉 6:關閉
[root@samba ~]# service smb start
啟動 SMB 服務: [确定]
# 注:iptables 與 selinux
windows 測試
在windows 中資料總管輸入samba伺服器IP位址
如下圖:
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiInBnaugzM5UUQOBzdohlcEFUQLB1dLNFTtMWbWFDTvl2S39CXChzLcRkNvwlMw00LcJDMzZWe39CXt92Yu8GdjFTNuMzcvw1LcpDc0RHaiojIsJye.jpg)
在這裡我們看到了share,這個就是我們之前在smb.conf配置的共享子產品名字,接下來我在裡伺服器上編輯一個檔案,看看能否在windows用戶端看見
[root@samba ~]# vim /data/samba/test.txt
測試
在Linux系統測試
# 在linux系統中需要安裝samba-client
[root@mysql ~]# yum install -y samba-client
# 指令smbclient
# 選項:-L :僅查閱後面接的主機所提供分享的目錄資源;
# -U :以後面接的這個賬号來嘗試取得該主機的可使用資源
[root@mysql ~]# smbclient -L 192.168.0.175
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]
Sharename Type Comment
--------- ---- -------
share Disk Home Directories
IPC$ IPC IPC Service (Samba Server Version 3.6.23-14.el6_6)
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]
Server Comment
--------- -------
Workgroup Master
--------- -------
# 挂載samba共享目錄
[root@mysql ~]# mount -t cifs //192.168.0.175/share /mnt
案例二:使用賬戶密碼登入,通路
# 修改配置檔案包含以下内容
[root@samba ~]# vim /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
# 主要修改這裡
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
# 共享的子產品名
[share]
# 對共享目錄的描述
comment = Home Directories
# 共享的實際目錄
path = /data
browseable = yes
public = yes
writable = yes
# 先建立使用者
[root@samba ~]# useradd testuser_1
[root@samba ~]# useradd testuser_2
# 為samba添加系統賬号
# pdbedit指令選項:
# -a 建立使用者
# -u 指定使用者
# -x 删除使用者
# -L 列出所有使用者
# -v 詳細的資訊
[root@samba ~]# pdbedit -a testuser_1
new password:
retype new password:
.................以下省略................
[root@samba ~]# pdbedit -a testuser_2
new password:
retype new password:
................以下省略................
# 列出建立的samba賬戶
[root@samba ~]# pdbedit -L
testuser_1:500:
testuser_2:501:
# 建立共享目錄,更改權限
[root@samba ~]# mkdir /data
[root@samba ~]# chmod 777 !$
chmod 777 /data
[root@samba ~]# service smb start
啟動 SMB 服務: [确定]
在浏覽器測試
有時候通路不通,需要注意一下iptables和selinux
Linux端通路及使用
# 通路格式smbclient //IP/共享名 -U 使用者名
[root@lamp ~]# smbclient //192.168.0.132/myshare -U testuser_1
Enter testuser_1's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]
smb: \> ls
. D 0 Fri May 29 08:13:44 2015
.. DR 0 Fri May 29 08:01:51 2015
2 D 0 Fri May 29 08:13:38 2015
47077 blocks of size 262144. 39774 blocks available
smb: \>
# 挂載
[root@lamp ~]# mount -t cifs //192.168.0.132/myshare /mnt -o username=testuser_1,password=123456
# 報這個錯誤是因為沒有安裝cifs-utils
mount: wrong fs type, bad option, bad superblock on //192.168.0.132/myshare,
missing codepage or helper program, or other error
(for several filesystems (e.g. nfs, cifs) you might
need a /sbin/mount.<type> helper program)
In some cases useful info is found in syslog - try
dmesg | tail or so
[root@lamp ~]# cd /mnt
[root@lamp mnt]# ll
總用量 0
drwxr-xr-x 2 501 501 0 5月 29 08:13 2
[root@lamp ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 12G 2.1G 8.9G 19% /
tmpfs 1.9G 0 1.9G 0% /dev/shm
/dev/sda1 190M 45M 136M 25% /boot
//192.168.0.132/myshare
12G 1.2G 9.8G 11% /mnt
二、squid
1、squid 正向代理
安裝與配置
yum安裝squid
squid -v 查找squid的版本與編譯參數
[root@lamp ~]# yum install -y squid
# 配置内容
[root@lamp ~]# vim /etc/squid/squid.conf
http_port 3128
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
cache_dir aufs /data/cache 1024 16 256
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320
# 建立緩存目錄
[root@lamp squid]# mkdir -p /data/cache
# 更改權限
[root@lamp squid]# chown -R squid:squid /data/cache
# 初始化資料庫
[root@lamp squid]# squid -z
2015/05/30 02:02:59| Creating Swap Directories
2015/05/30 02:02:59| /data/cache exists
2015/05/30 02:02:59| Making directories in /data/cache/00
2015/05/30 02:02:59| Making directories in /data/cache/01
2015/05/30 02:02:59| Making directories in /data/cache/02
2015/05/30 02:02:59| Making directories in /data/cache/03
2015/05/30 02:02:59| Making directories in /data/cache/04
2015/05/30 02:02:59| Making directories in /data/cache/05
2015/05/30 02:02:59| Making directories in /data/cache/06
2015/05/30 02:02:59| Making directories in /data/cache/07
2015/05/30 02:02:59| Making directories in /data/cache/08
2015/05/30 02:02:59| Making directories in /data/cache/09
2015/05/30 02:02:59| Making directories in /data/cache/0A
2015/05/30 02:02:59| Making directories in /data/cache/0B
2015/05/30 02:02:59| Making directories in /data/cache/0C
2015/05/30 02:02:59| Making directories in /data/cache/0D
2015/05/30 02:02:59| Making directories in /data/cache/0E
2015/05/30 02:02:59| Making directories in /data/cache/0F
# 啟動squid
[root@lamp squid]# /etc/init.d/squid start
正在啟動 squid:. [确定]
# 檢查配置檔案正确性
[root@lamp squid]# squid -kcheck
# 重新加載配置
[root@lamp squid]# squid -k rec
# 重新啟動squid
[root@lamp squid]# service squid restart
停止 squid:................ [确定]
正在啟動 squid:. [确定]
# 進行圖檔測試
[root@lamp squid]# curl -xlocalhost:3128 -I http://www.xinhuanet.com/photo/titlepic/12785/127857498_1432887593222_title0h.jpg
HTTP/1.0 200 OK
Server: nginx/1.2.6
Date: Sat, 30 May 2015 02:12:52 GMT
Content-Type: p_w_picpath/jpeg
Content-Length: 14053
Last-Modified: Fri, 29 May 2015 08:32:43 GMT
Accept-Ranges: bytes
Powered-By-ChinaCache: HIT from 060120c3H5.4
Expires: Sat, 30 May 2015 02:17:52 GMT
Age: 211
Powered-By-ChinaCache: HIT from 010123b3H8
X-Cache: MISS from lamp <== 這裡提示未命中
X-Cache-Lookup: MISS from lamp:3128 <== 這裡提示未命中
Via: 1.0 lamp (squid/3.1.10)
Connection: keep-alive
[root@lamp squid]# curl -xlocalhost:3128 -I http://www.xinhuanet.com/photo/titlepic/12785/127857498_1432887593222_title0h.jpg
HTTP/1.0 200 OK
Server: nginx/1.2.6
Date: Sat, 30 May 2015 02:12:52 GMT
Content-Type: p_w_picpath/jpeg
Content-Length: 14053
Last-Modified: Fri, 29 May 2015 08:32:43 GMT
Accept-Ranges: bytes
Powered-By-ChinaCache: HIT from 060120c3H5.4
Expires: Sat, 30 May 2015 02:17:52 GMT
Powered-By-ChinaCache: HIT from 010123b3H8
Age: 252
X-Cache: HIT from lamp <== 已命中
X-Cache-Lookup: HIT from lamp:3128 <== 已命中
Via: 1.0 lamp (squid/3.1.10)
Connection: keep-alive
黑名單白名單控制通路
增加内容
acl http proto HTTP
acl bad_domain dstdomain .taobao.com .jd.com
http_access allow http bad _domain
#http_access deny http !good_domain
2、squid反向代理
# 修改配置
[root@web ~]# vim /etc/squid/squid.conf
....................
http_port 3128 <== 修改為http_port 80 accel vhost vport
....................
# 增加的内容
cache_peer 14.17.32.211 parent 80 0 originserver name=a
cache_peer 180.97.33.107 parent 80 0 originserver name=b
cache_peer_domain a www.qq.com
cache_peer_domain b www.baidu.com
.............................
如果是squid要代理一台web上的所有域名,那麼就寫成這樣: cache_peer 192.168.10.111 80 0 originserver #隻需要這一行,cache_peer_domain 都可以省掉
/etc/init.d/squid restart