Samba (Server Message Block) is a service program that shares files between Linux and Windows systems over a network protocol (Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol). Below is a brief record of a deployment on CentOS 7 (IP: 192.168.1.19).
1. Install Samba
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@localhost ~]# yum install -y samba
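2. Configure the firewall and SELinux, otherwise Windows cannot access the share. In production environments the firewall is generally not turned off.
[root@localhost ~]# systemctl status firewalld #usually enabled by default; if it is stopped, start it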
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-04-08 09:40:24 EDT; 2h 11min ago
Docs: man:firewalld(1)
Main PID: 4711 (firewalld)
CGroup: /system.slice/firewalld.service
└─4711 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Apr 08 09:51:09 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# firewall-cmd --add-service samba --permanent
success
[root@localhost ~]# firewall-cmd --reload #reload the firewall
success
[root@localhost ~]# firewall-cmd --list-all|grep samba #confirm that the rule was added
services: ssh dhcpv6-client samba
Disable SELinux, otherwise Windows clients cannot connect to Samba
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
3. Configure the Samba server
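[root@localhost samba]# cp /etc/samba/smb.conf /etc/samba/smb.conf_bak_20190426
[root@localhost samba]# cat /etc/samba/smb.conf
[global] #global configuration
workgroup = SAMBA
security = user #authentication mode
#1. share: the connecting host does not need to supply a password; convenient but less secure. Newer versions restrict it, and the service will not start if it is used
#2. user: the password supplied by the connecting host must be verified before access is granted
#3. a separate remote host is used to verify the supplied password
#4. domain: a domain controller is used for authentication
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[database] #share name, which also identifies the folder; one folder is shown at login for each share configured
comment=do not modify it all will #description of the share, free text
path=/home/database #path of the share
public=no #whether the share is open to everyone
writeable=yes #allow write operations
!!! If you copy this configuration, remove the inline annotations (Chinese characters in the original), otherwise the smb service will not start
[root@localhost samba]# systemctl restart smb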
4. Access method 1: anyone can access the share anonymously and can create, delete, modify and read files
[root@localhost home]# chmod 777 database/
[root@localhost database]# vim /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
map to guest = Bad User
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[database]
comment=do not modify it all will
path=/home/database
public = yes
writeable=yes
guest ok = yes
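Use this method with caution, because it carries a significant security risk: if someone accidentally deletes or modifies files, we cannot recover them.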
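An added example (not code from the original post): a small Python check that parses smb.conf text and flags the guest fallback, shares a guest can write to, and inline comments, which smb.conf does not support (only lines beginning with # or ; are comments). The sample text is constructed from the settings shown above, and the function names are illustrative.

```python
# Constructed sample: this article's anonymous-access settings plus one inline comment.
SAMPLE = """\
[global]
security = user #authentication mode
map to guest = Bad User
[database]
path=/home/database
public = yes
writeable=yes
guest ok = yes
"""

YES = {"yes", "true", "1"}
# Synonyms per smb.conf(5): parameter -> (canonical name, value is inverted)
ALIASES = {"public": ("guestok", False), "writeable": ("readonly", True),
           "writable": ("readonly", True), "writeok": ("readonly", True)}

def parse(text):
    """Return ({section: {param: value}}, [syntax findings]) for smb.conf text."""
    sections, findings, cur = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("["):
            cur = sections.setdefault(line[1:line.find("]")].lower(), {})
        elif cur is not None and "=" in line and line[0] not in "#;":
            key, val = (p.strip() for p in line.split("=", 1))
            key = "".join(key.lower().split())  # names ignore case and spaces
            if " #" in val or " ;" in val:      # comments only work at line start
                findings.append(f"line {n}: inline comment is read as part of the value")
            name, inverted = ALIASES.get(key, (key, False))
            if inverted:
                val = "no" if val.lower() in YES else "yes"
            cur[name] = val
    return sections, findings

def audit(text):
    """Flag guest fallback and shares an unauthenticated guest can write to."""
    sections, findings = parse(text)
    mtg = sections.get("global", {}).get("maptoguest", "Never")
    if mtg.lower() != "never":
        findings.append(f"[global] map to guest = {mtg}: some failed logins become guest")
    for name, p in sections.items():
        guest = p.get("guestok", "no").lower() in YES
        writable = p.get("readonly", "yes").lower() not in YES
        if name != "global" and guest and writable:
            findings.append(f"[{name}] guest can write to {p.get('path', '?')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it against a real file is a matter of passing the contents of /etc/samba/smb.conf to audit(); an empty list means none of the three conditions was found.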
An IP address is easy to forget over time or for other reasons; configuring an internal DNS name solves this problem effectively. The following shows how to configure DNS access to our server.
1. First configure name resolution on the server, using the development group's name as an example
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.19 devops
[root@localhost ~]# ping -c 4 devops
PING devops (192.168.1.19) 56(84) bytes of data.
64 bytes from devops (192.168.1.19): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from devops (192.168.1.19): icmp_seq=2 ttl=64 time=0.122 ms
64 bytes from devops (192.168.1.19): icmp_seq=3 ttl=64 time=0.125 ms
64 bytes from devops (192.168.1.19): icmp_seq=4 ttl=64 time=0.121 ms
--- devops ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 0.045/0.103/0.125/0.034 ms
The test on the internal network shows no problems; next, configure the Windows hosts file
C:\Windows\System32\drivers\etc #on my computer it is under this path
127.0.0.1 localhost
192.168.1.19 devops #add this entry
Once the test is OK, we can access our server via \\devops
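Access method 2: access with an account and password. On CentOS 7 this is the Samba service's default user authentication mode (user).
However, the user/password authentication mode can only be used after the account information database has been created.
The pdbedit command manages the SMB service's account information database; the syntax is pdbedit [options] account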
-a -u username | create a Samba account |
-x -u username | delete a Samba account |
-L | list accounts |
-Lv | list accounts with detailed information |
Here we access the share as root; you can also use another account
[root@localhost ~]# id root
uid=0(root) gid=0(root) groups=0(root)
[root@localhost ~]# pdbedit -a -u root
new password:
retype new password:
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-683895756-2385326933-4243325015-1000
Primary Group SID: S-1-5-21-683895756-2385326933-4243325015-513
Full Name: root
Home Directory: \\localhost\root
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\root\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 10:06:39 EST
Kickoff time: Wed, 06 Feb 2036 10:06:39 EST
Password last set: Mon, 08 Apr 2019 16:51:45 EDT
Password can change: Mon, 08 Apr 2019 16:51:45 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
When accessing with a username and password, comment out map to guest in the global configuration
# map to guest = Bad User
[root@localhost ~]# systemctl restart smb