Linux系統部署samba服務記錄

Samba（Server Messages Block）是一種linux系統和windws系統之間依靠網絡協議共享文件的服務程序，（Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol ），下面簡單介紹在Centos 7部署記錄（IP：192.168.1.19）

1、安裝Samba

[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[root@localhost ~]# yum install -y samba

2、配置防火牆和Selinux，不然windows沒法訪問，在生產環境通常防火牆都不會關閉

[root@localhost ~]# systemctl status firewalld        #通常狀況下默認是開的，若是關閉，就啓動一下
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-04-08 09:40:24 EDT; 2h 11min ago
     Docs: man:firewalld(1)
 Main PID: 4711 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─4711 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Apr 08 09:51:09 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Hint: Some lines were ellipsized, use -l to show in full.

[root@localhost ~]# firewall-cmd --add-service samba --permanent
success

[root@localhost ~]# firewall-cmd --reload    #重啓防火牆
success

[root@localhost ~]# firewall-cmd --list-all|grep samba    #確認是否加策略成功
  services: ssh dhcpv6-client samba

關閉Selinux，不然windows客戶端鏈接不上samba
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled

[root@localhost ~]# setenforce 0    
[root@localhost ~]# getenforce 
Permissive

3、Samba服務器的配置

[root@localhost samba]# cp /etc/samba/smb.conf /etc/samba/smb.conf_bak_20190426
[root@localhost samba]# cat /etc/samba/smb.conf
[global]                                    #全局配置
        workgroup = SAMBA
        security = user　　#安全驗證的方式
#一、share 來訪主機無需驗證口令，比較方便，可是安全性較差，如今新版本限制使用，若是使用沒法啓動服務
#二、user 須要驗證來訪主機提供的口令才能訪問
#三、使用獨立的遠程主機驗證來驗證提供的口令
#四、domain使用域控制器進行身份驗證

        passdb backend = tdbsam
 
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
 
[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes
 
[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No
 
[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775
[database]  #共享名稱，也是文件夾的標識，配置了多少個，登錄的時候就會顯示多少文件夾
        comment=do not modify it all will   #對該共享的描述，隨意本身定義
        path=/home/database                 #該共享的路徑
        public=no                           #是否對全部人共享
        writeable=yes                       #容許寫入操做
！！！若是是拷貝配置的話，去掉漢字，不然smb服務沒法啓動   

[root@localhost samba]# systemctl restart smb  

四、訪問方式1、任何人均可以匿名訪問，能夠增刪改查

[root@localhost home]# chmod 777 database/

[root@localhost database]# vim /etc/samba/smb.conf
[global]
        workgroup = SAMBA
        security = user
        map to guest = Bad User
        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775
[database]
        comment=do not modify it all will
        path=/home/database
        public = yes
        writeable=yes
        guest ok = yes

 這中方法謹慎使用，由於存在很大的安全因素，若是別人不當心刪除或者修改文件，咱們就沒法恢復了。

有的時候經過IP訪問，時間久了或者其餘緣由很容易忘記，這時候配一個內網的DNS可以有效的解決這個二問題，下面演示如何配置DNS訪問咱們的服務器

一、先給服務器配置上DNS解析，假如用開發組來命名
[root@localhost ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.1.19 devops
~      
[root@localhost ~]# ping -c 4 devops
PING devops (192.168.1.19) 56(84) bytes of data.
64 bytes from devops (192.168.1.19): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from devops (192.168.1.19): icmp_seq=2 ttl=64 time=0.122 ms
64 bytes from devops (192.168.1.19): icmp_seq=3 ttl=64 time=0.125 ms
64 bytes from devops (192.168.1.19): icmp_seq=4 ttl=64 time=0.121 ms

--- devops ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 0.045/0.103/0.125/0.034 ms
 
測試內網是沒有問題，而後配置windows的hosts

C:\Windows\System32\drivers\etc        #個人電腦是在這個路徑下

127.0.0.1       localhost
192.168.1.19 devops  #加上這個配置

　

測試OK，咱們就能夠經過 \\devops 去訪問咱們的服務器

 

訪問方式2、經過帳號密碼訪問，在Centos7中，Samba服務默認的用戶認證模式（user）

可是隻有創建信息數據庫以後才能使用用戶口令認證模式，

pdbedit命令用於管理SMB服務程序的帳戶信息數據庫，語法格式爲 pdbedit [選項] 帳戶 

-a  -u   用戶名	創建samba帳戶
-x  -u  用戶名	刪除samba帳戶
-L	列出帳戶列表
-Lv	列出帳戶詳細信息的列表

這裏咱們經過root去訪問，那你也能夠用其餘帳號去訪問
[root@localhost ~]# id root
uid=0(root) gid=0(root) groups=0(root)

[root@localhost ~]# pdbedit -a -u root
new password:
retype new password:
Unix username:        root
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-683895756-2385326933-4243325015-1000
Primary Group SID:    S-1-5-21-683895756-2385326933-4243325015-513
Full Name:            root
Home Directory:       \\localhost\root
HomeDir Drive:        
Logon Script:         
Profile Path:         \\localhost\root\profile
Domain:               LOCALHOST
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 10:06:39 EST
Kickoff time:         Wed, 06 Feb 2036 10:06:39 EST
Password last set:    Mon, 08 Apr 2019 16:51:45 EDT
Password can change:  Mon, 08 Apr 2019 16:51:45 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF　

在使用用戶名密碼訪問時，需將全局配置裏面map to guest註釋掉

# map to guest = Bad User

[root@localhost ~]# systemctl restart smb