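Table of contents
- 1. Introduction to Samba
- 1.1 Ports Samba listens on
- 1.2 Samba processes
- 1.3 Samba users
- 1.4 Samba configuration files
- 1.5 Samba security levels
- 1.6 Common configuration file parameters
- 2. Accessing Samba
- 3. Configuring a user-authenticated share
- 4. Configuring an anonymous share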
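1. Introduction to Samba
1.1 Ports Samba listens on
TCP | UDP |
---|---|
139, 445 | 137, 138 |
Install the Samba service
[[email protected] ~]# yum -y install samba*    # on the server, install all Samba packages
[[email protected] ~]# yum -y install samba-client    # the client only needs this one package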
[[email protected] ~]# systemctl enable smb nmb
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/nmb.service → /usr/lib/systemd/system/nmb.service.
[[email protected] ~]# systemctl start smb nmb
[[email protected] ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 50 [::]:139 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 50 [::]:445 [::]:*
[[email protected] ~]# ss -anul|grep -E '137|138'
UNCONN 0 0 192.168.50.255:137 0.0.0.0:*
UNCONN 0 0 192.168.50.131:137 0.0.0.0:*
UNCONN 0 0 0.0.0.0:137 0.0.0.0:*
UNCONN 0 0 192.168.50.255:138 0.0.0.0:*
UNCONN 0 0 192.168.50.131:138 0.0.0.0:*
UNCONN 0 0 0.0.0.0:138 0.0.0.0:*
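The TCP ports belong to the smbd service, which provides shared access to the files and printers on the server.
The UDP ports belong to the nmbd service, which provides NetBIOS host name resolution.
1.2 Samba processes
Process | Corresponds to |
---|---|
nmbd | NetBIOS |
smbd | the CIFS protocol |
winbindd + ldap | Windows AD (Active Directory) |
1.3 Samba users
Account | Password |
---|---|
All accounts are system users (/etc/passwd) | Samba has its own password file, set with the command smbpasswd -a USERNAME |
The smbpasswd command:
- -a Sys_User : add a system user as a Samba user and set its password
- -d : disable the user account
- -e : enable the user account
- -x : delete the user account
[[email protected] ~]# useradd -r -M -s /sbin/nologin tom    # create system user tom, which cannot log in
[[email protected] ~]# su - tom    # switching to the user fails, which shows it cannot log in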
su: warning: cannot change directory to /home/tom: No such file or directory
This account is currently not available.
[[email protected] ~]# smbpasswd -a tom    # add the system user as a Samba user and set its password
New SMB password:
Retype new SMB password:
Added user tom.
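Log in as tom, password 123456
Access fails because tom was created without a home directory
1.4 Samba configuration files
- /etc/samba/smb.conf (main configuration file)
The three main parts of the Samba configuration | Purpose |
---|---|
[global] | Global configuration; settings here apply to the whole Samba server |
[homes] | Home directory share settings; this sets the default share for Linux users, which maps to the user's home directory. When a user accesses the share on the server that has the same name as their user name, it is automatically mapped to that user's home directory after authentication |
[printers] | Printer share settings |
// Use the testparm command to check the configuration file for syntax errors and to display the configuration that is actually in effect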
[[email protected] samba]# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.    # OK means there are no syntax errors
Weak crypto is allowed
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]    # global section; settings under it apply to the whole server
printcap name = cups
security = USER
workgroup = SAMBA
idmap config * : backend = tdb
cups options = raw
[homes]    # settings under it apply only to users' home directories
browseable = No
comment = Home Directories
inherit acls = Yes
read only = No
valid users = %S %D%w%S
[share]    # settings under it apply only to this directory, i.e. only to this share
path = /opt/smb
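1.5 Samba security levels
- The Samba server has three security levels: user, server and domain
Security level | Purpose |
---|---|
user | Authentication is done locally |
server | Another designated server authenticates the user |
domain | The domain controller authenticates the user |
Earlier Samba versions supported four security levels: share, user, server and domain.
share was used to set up anonymous access. Current versions no longer support share, but anonymous access is still possible;
only the way it is configured has changed.
1.6 Common configuration file parameters
Parameter | Purpose |
---|---|
workgroup | Sets the workgroup name |
server string | Describes the Samba server |
security | Sets the security level; possible values are share, user, server, domain |
passdb backend | Sets the type of the share account file; possible values are tdbsam (tdb database file), ldapsam (LDAP directory authentication), smbpasswd (password file compatible with older Samba versions) |
comment | Sets the comment (descriptive text) for the shared directory, i.e. the file share name |
browseable | Sets whether the share is visible |
writable | Sets whether the directory is writable |
path | Path of the shared directory |
guest ok | Sets whether everyone may access the shared directory |
public | Sets whether anonymous users may access the share |
write list | Sets the users and groups allowed to write; groups are prefixed with @, e.g. write list = root,@root |
valid users | Sets the users and groups allowed to access the share, e.g. valid users = root,@root |
hosts deny | Sets which hosts are denied access, e.g. hosts deny = 192.168.72.1 |
hosts allow | Sets which hosts are allowed access, e.g. hosts allow = 192.168.72.2 |
printable | Sets whether the share is a printer |
- server string
[[email protected] samba]# vim smb.conf.example
# describes the server version
server string = Samba Server Version %v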
- passdb backend
[[email protected] samba]# vim smb.conf
passdb backend = tdbsam
[[email protected] samba]# find / -name tdbsam*
/usr/lib64/samba/pdb/tdbsam.so
- comment
On the server, add comment to smb.conf; it is the description of the share
[[email protected] samba]# vim smb.conf
[share]
path = /opt/anon
# add this line
comment = jjyy
browseable = yes
guest ok = yes
writable = yes
public = yes
[[email protected] samba]# systemctl restart smb nmb
Check from the client
[[email protected] ~]# smbclient -L 192.168.50.131 -U jerry
Enter SAMBA\jerry's password:
Sharename Type Comment
--------- ---- -------
mq Disk
share Disk jjyy    # the jjyy comment is now visible
IPC$ IPC IPC Service (Samba 4.11.2)
jerry Disk Home Directories
SMB1 disabled -- no workgroup available
- valid users; write list
On the server, add valid users and write list
[[email protected] samba]# vim smb.conf
[share]
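# the shared directory
path = /opt/anon
browseable = yes
# nobody may write; this line must come before write list, otherwise it has no effect
writable = no
# accounts allowed to connect
valid users = tom,jerry
# accounts allowed to write
write list = jerry
Check the result from the client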
[[email protected] ~]# smbclient -L 192.168.50.131 -U jerry    # listing works as jerry
Enter SAMBA\jerry's password:
Sharename Type Comment
--------- ---- -------
mq Disk
share Disk jjyy
IPC$ IPC IPC Service (Samba 4.11.2)
jerry Disk Home Directories
SMB1 disabled -- no workgroup available
[[email protected] ~]# smbclient -L 192.168.50.131 -U tom    # listing works as tom
Enter SAMBA\tom's password:
Sharename Type Comment
--------- ---- -------
share Disk
IPC$ IPC IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
[[email protected] ~]# smbclient -L 192.168.50.131 -U mq    # listing works as mq
Enter SAMBA\mq's password:
Sharename Type Comment
--------- ---- -------
share Disk
IPC$ IPC IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
[[email protected] ~]# smbclient //192.168.50.131/share -U tom    # tom can connect
Enter SAMBA\tom's password:
Try "help" to get a list of possible commands.
smb: \> ls    # listing works
. D 0 Tue Oct 13 20:58:35 2020
.. D 0 Tue Oct 13 20:36:34 2020
abc A 0 Tue Oct 13 20:58:35 2020
17811456 blocks of size 1024. 16172024 blocks available
[[email protected] ~]# smbclient //192.168.50.131/share -U mq    # mq cannot connect
Enter SAMBA\mq's password:
tree connect failed: NT_STATUS_ACCESS_DENIED
[[email protected] ~]# smbclient //192.168.50.131/share -U jerry    # jerry can connect
Enter SAMBA\jerry's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Tue Oct 13 20:58:35 2020
.. D 0 Tue Oct 13 20:36:34 2020
abc A 0 Tue Oct 13 20:58:35 2020
17811456 blocks of size 1024. 16171400 blocks available
smb: \> mkdir 456    # creation succeeds, so the share is writable
smb: \> ls
. D 0 Wed Oct 14 15:04:25 2020
.. D 0 Tue Oct 13 20:36:34 2020
abc A 0 Tue Oct 13 20:58:35 2020
456 D 0 Wed Oct 14 15:04:25 2020
17811456 blocks of size 1024. 16171400 blocks available
On the server, check the 456 directory that jerry created
[[email protected] samba]# ll /opt/anon/
total 0
drwxr-xr-x 2 jerry jerry 6 Oct 14 15:04 456
-rwxr--r--. 1 nobody nobody 0 Oct 13 20:58 abc
- hosts deny (hosts allow is the opposite)
In the server's configuration file, add the IP of the host that is to be denied access
[[email protected] samba]# vim smb.conf
[share]
path = /opt/anon
browseable = yes
writable = no
valid users = tom,jerry
write list = jerry
# adding this line denies access from this host; other hosts can still access the share
hosts deny = 192.168.50.135
[[email protected] samba]# systemctl restart smb nmb
Check from the client
[[email protected] ~]# smbclient //192.168.50.131/share -U jerry
Enter SAMBA\jerry's password:
tree connect failed: NT_STATUS_ACCESS_DENIED    # permission denied
At this point the physical host machine can still access the share and log in.
2. Accessing Samba
Environment:
Server IP | Client IP |
---|---|
192.168.50.131 | 192.168.50.135 |
- Interactive data access
Create a user on the server
[[email protected] samba]# smbpasswd -a jerry
New SMB password:
Retype new SMB password:
Added user jerry.
Check from the client
[[email protected] ~]# smbclient -L 192.168.50.131 -U jerry
Enter SAMBA\jerry's password:
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba 4.11.2)
jerry Disk Home Directories
SMB1 disabled -- no workgroup available
Add a share to the smb.conf file on the server
[[email protected] samba]# vim smb.conf
......
[share]
path = /opt
[[email protected] samba]# systemctl restart smb nmb    # restart the services
Check from the client
[[email protected] ~]# smbclient -L 192.168.50.131 -U jerry
Enter SAMBA\jerry's password:
Sharename Type Comment
--------- ---- -------
share Disk    # the share is now visible
IPC$ IPC IPC Service (Samba 4.11.2)
jerry Disk Home Directories
SMB1 disabled -- no workgroup available
Building on the previous step, add the following
[[email protected] samba]# vim smb.conf
[share]
path = /opt
# with No the share does not appear in listings on the client but can still be used, which makes it a hidden share
browseable = No
[[email protected] samba]# systemctl restart smb nmb
Check from the client
[[email protected] ~]# smbclient -L 192.168.50.131 -U jerry
Enter SAMBA\jerry's password:
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba 4.11.2)
jerry Disk Home Directories
SMB1 disabled -- no workgroup available
Client
[[email protected] ~]# smbclient -L 192.168.50.131 -U jerry    # -L is followed by the server IP
Enter SAMBA\jerry's password:
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba 4.11.2)
jerry Disk Home Directories
SMB1 disabled -- no workgroup available
[[email protected] ~]#
[[email protected] ~]# smbclient //192.168.50.131/jerry -U jerry
Enter SAMBA\jerry's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Tue Oct 13 17:51:28 2020
.. D 0 Tue Oct 13 17:51:28 2020
.bash_logout H 18 Fri Aug 30 13:30:21 2019
.bash_profile H 141 Fri Aug 30 13:30:21 2019
.bashrc H 312 Fri Aug 30 13:30:21 2019
17811456 blocks of size 1024. 16140572 blocks available
smb: \> mkdir abc    # create a directory abc
smb: \> ls
. D 0 Tue Oct 13 19:09:22 2020
.. D 0 Tue Oct 13 17:51:28 2020
.bash_logout H 18 Fri Aug 30 13:30:21 2019
.bash_profile H 141 Fri Aug 30 13:30:21 2019
.bashrc H 312 Fri Aug 30 13:30:21 2019
abc D 0 Tue Oct 13 19:09:22 2020
17811456 blocks of size 1024. 16140572 blocks available
smb: \>
On the server, check whether abc exists
[[email protected] samba]# ls /home/jerry/
abc
[[email protected] samba]# ll /home/jerry/
total 0
drwxr-xr-x. 2 jerry jerry 6 Oct 13 19:09 abc
Exit
smb: \> exit
[[email protected] ~]#
- Mount-based access (recommended)
1. Temporary mount
[[email protected] ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 963M 0 963M 0% /dev
tmpfs 980M 0 980M 0% /dev/shm
tmpfs 980M 8.7M 972M 1% /run
tmpfs 980M 0 980M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 17G 1.8G 16G 11% /
/dev/nvme0n1p1 1014M 160M 855M 16% /boot
tmpfs 196M 0 196M 0% /run/user/0
/dev/sr0 7.9G 7.9G 0 100% /mnt
[[email protected] ~]# mount -t cifs //192.168.50.131/jerry /media/ -o username=jerry,password=123456    # mount the server's jerry share on /media
[[email protected] ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 963M 0 963M 0% /dev
tmpfs 980M 0 980M 0% /dev/shm
tmpfs 980M 8.7M 972M 1% /run
tmpfs 980M 0 980M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 17G 1.8G 16G 11% /
/dev/nvme0n1p1 1014M 160M 855M 16% /boot
tmpfs 196M 0 196M 0% /run/user/0
/dev/sr0 7.9G 7.9G 0 100% /mnt
//192.168.50.131/jerry 17G 1.6G 16G 10% /media
[[email protected] ~]# cd /media/
[[email protected] media]# ls
[[email protected] media]# touch abc    # create a file directly
[[email protected] media]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 13 19:21 abc
Check on the server
[[email protected] samba]# ll /home/jerry
total 0
-rwxr--r--. 1 jerry jerry 0 Oct 13 19:21 abc
2. Permanent mount
Add the following on the client
[[email protected] ~]# vim /etc/fstab
......
//192.168.50.131/jerry /media cifs defaults,username=jerry,password=123456 0 0
[[email protected] ~]# mount -a
[[email protected] ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 963M 0 963M 0% /dev
tmpfs 980M 0 980M 0% /dev/shm
tmpfs 980M 8.7M 972M 1% /run
tmpfs 980M 0 980M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 17G 1.8G 16G 11% /
/dev/nvme0n1p1 1014M 160M 855M 16% /boot
tmpfs 196M 0 196M 0% /run/user/0
/dev/sr0 7.9G 7.9G 0 100% /mnt
//192.168.50.131/jerry 17G 1.6G 16G 10% /media
3. Configuring a user-authenticated share
Install the Samba server:
[[email protected] ~]# yum -y install samba-*
Create a system user (not allowed to log in)
[[email protected] ~]# useradd -r -M -s /sbin/nologin mq
[[email protected] ~]# smbpasswd -a mq
New SMB password:
Retype new SMB password:
Added user mq.
Add the following to the /etc/samba/smbusers file
[[email protected] ~]# cd /etc/samba/
[[email protected] samba]# ls
lmhosts smb.conf smb.conf.example
[[email protected] samba]# vim smbusers
# share is a fake account; it cannot be found on the system
mq = share
[[email protected] samba]# id share
id: ‘share’: no such user
[[email protected] samba]# id mq
uid=993(mq) gid=989(mq) groups=989(mq)
Add the mapping to the configuration file
[[email protected] samba]# vim smb.conf
[global]
workgroup = SAMBA
security = user
# add this line
username map = /etc/samba/smbusers
Create the directory and change its owner
[[email protected] samba]# mkdir /opt/smb
[[email protected] samba]# chown -R mq.mq /opt/smb
Configure the share
[[email protected] samba]# vim smb.conf
[mq]
# path: which directory is shared
path = /opt/smb
browseable = yes
# anonymous access
guest ok = yes
# readable and writable
writable = yes
write list = share
# public: visible to everyone
public = yes
Restart the services
[[email protected] samba]# systemctl restart smb nmb
On the client, list the shared resources the Samba server offers
[[email protected] ~]# smbclient -L 192.168.50.131 -U share
Enter SAMBA\share's password:
Sharename Type Comment
--------- ---- -------
mq Disk
IPC$ IPC IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
Mount the Samba server's shared resource mq on the client
[[email protected] ~]# vim /etc/fstab
# add this line
//192.168.50.131/mq /media cifs defaults,username=share,password=123456 0 0
[[email protected] ~]# mount -a
[[email protected] ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 963M 0 963M 0% /dev
tmpfs 980M 0 980M 0% /dev/shm
tmpfs 980M 8.7M 972M 1% /run
tmpfs 980M 0 980M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 17G 1.8G 16G 11% /
/dev/nvme0n1p1 1014M 160M 855M 16% /boot
tmpfs 196M 0 196M 0% /run/user/0
/dev/sr0 7.9G 7.9G 0 100% /mnt
//192.168.50.131/mq 17G 1.7G 16G 10% /media
On the client, enter the shared directory and create a new file
[[email protected] ~]# cd /media/
[[email protected] media]# ls
[[email protected] media]# touch abc
[[email protected] media]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 13 20:30 abc
Verify on the server
[[email protected] samba]# ll /opt/smb/
total 0
-rwxr--r--. 1 mq mq 0 Oct 13 20:30 abc
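The fstab entries for the jerry share in section 2 and the mq share in section 3 carry password=123456 inside /etc/fstab, a file that is world-readable by default. The following added example (not from the original article) moves the credentials into an owner-only file through the credentials= option of mount.cifs and lists fstab entries that still embed a password; the function names, the /etc/samba/jerry.cred path and the sample values are assumptions.

```shell
# Added example: keep CIFS passwords out of /etc/fstab (names and paths are assumptions).

# write_cifs_credentials FILE USER PASSWORD
# Writes FILE in the username=/password= format read by mount.cifs, mode 0600.
write_cifs_credentials() {
    cred_file=$1 user=$2 pass=$3
    (
        umask 077                        # a new file is created owner-only
        printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$cred_file"
    )
    chmod 600 "$cred_file"               # also tighten a file that already existed
}

# fstab_cifs_line SERVER SHARE MOUNTPOINT CRED_FILE
# Prints an fstab entry that references the credentials file instead of a password.
fstab_cifs_line() {
    printf '//%s/%s %s cifs defaults,credentials=%s,_netdev 0 0\n' "$1" "$2" "$3" "$4"
}

# find_fstab_passwords FSTAB
# Prints "device mountpoint" for every cifs entry whose options contain password=.
find_fstab_passwords() {
    awk '$1 !~ /^#/ && $3 == "cifs" && ("," $4) ~ /,password=/ { print $1, $2 }' "$1"
}

# Entry for the jerry share used in this article, without the inline password.
fstab_cifs_line 192.168.50.131 jerry /media /etc/samba/jerry.cred
```

Run find_fstab_passwords /etc/fstab on the client after switching to confirm that no entry still carries a password.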
4. Configuring an anonymous share
Install the Samba server:
[[email protected] ~]# yum -y install samba-*
Create a shared directory anon
[[email protected] samba]# mkdir /opt/anon
[[email protected] samba]# chmod 777 /opt/anon/
[[email protected] samba]# ll /opt/
total 0
drwxrwxrwx. 2 root root 6 Oct 13 20:35 anon
drwxr-xr-x. 2 mq mq 17 Oct 13 20:30 smb
Add the mapping to the configuration file
[[email protected] samba]# vim smb.conf
[global]
workgroup = SAMBA
security = user
# add this line
map to guest = Bad User
Configure the share
[[email protected] samba]# vim smb.conf
[share]
path = /opt/anon
browseable = yes
guest ok = yes
writable = yes
public = yes
Restart the services
[[email protected] samba]# systemctl restart smb nmb
On the client, list the shared resources the Samba server offers
[[email protected] ~]# smbclient -L 192.168.50.131 -U 'Bad User'
Enter SAMBA\Bad User's password:    # no password is needed here
Sharename Type Comment
--------- ---- -------
mq Disk
share Disk
IPC$ IPC IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
Mount the Samba server's shared resource share on the client
[[email protected] ~]# vim /etc/fstab
# add this line; no password is needed
//192.168.50.131/share /media cifs defaults,username=BadUser 0 0
[[email protected] ~]# mount -a
[[email protected] ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 963M 0 963M 0% /dev
tmpfs 980M 0 980M 0% /dev/shm
tmpfs 980M 8.7M 972M 1% /run
tmpfs 980M 0 980M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 17G 1.8G 16G 11% /
/dev/nvme0n1p1 1014M 160M 855M 16% /boot
tmpfs 196M 0 196M 0% /run/user/0
/dev/sr0 7.9G 7.9G 0 100% /mnt
//192.168.50.131/share 17G 1.7G 16G 10% /media
On the client, enter the shared directory and create a new file
[[email protected] media]# touch abc
[[email protected] media]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 13 20:58 abc
Verify on the server
[[email protected] samba]# ll /opt/anon/
total 0
-rwxr--r--. 1 nobody nobody 0 Oct 13 20:58 abc    # accessed as the anonymous user, so the owner is nobody
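The [mq] and [share] definitions in sections 3 and 4 combine guest ok = yes with writable = yes. The following added example (not part of the original article) is a small audit that reads an smb.conf and prints every share that is both guest-accessible and writable, honouring the synonyms public, writeable, write ok and read only as well as defaults set in [global]; the function names and the sample configuration are constructed for illustration.

```shell
# Added example: list smb.conf shares that are guest-accessible AND writable.
# audit_guest_writable FILE   (use "-" to read the configuration from stdin)
audit_guest_writable() {
    awk '
    function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (tolower(sect) == "global") { gdef = guest; wdef = writable }  # share defaults
        else if (sect != "" && guest && writable) print sect
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                             # section header: close the previous one
        report()
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        guest = gdef; writable = wdef
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)                    # Samba ignores case and spaces in names
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = yes(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = yes(val)
        else if (key == "readonly") writable = !yes(val)
    }
    END { report() }
    ' "$1"
}
# Constructed sample modelled on the shares configured in this article.
sample_conf() {
    cat <<'EOF'
[global]
    map to guest = Bad User
[homes]
    read only = No
[mq]
    guest ok = yes
    writable = yes
    write list = share
[restricted]
    writable = no
    valid users = tom,jerry
[share]
    Public = Yes
    read only = no
EOF
}
sample_conf | audit_guest_writable -    # prints mq and share, one per line
```

On a server, run it as audit_guest_writable /etc/samba/smb.conf and compare the result with the permissions of each listed share's path.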