Linux系統部署samba服務記錄

Samba(Server Messages Block)是一種linux系統和windws系統之間依靠網絡協議共享文件的服務程序,(Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol ),下面簡單介紹在Centos 7部署記錄(IP:192.168.1.19)python

1、安裝Sambalinux

[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[root@localhost ~]# yum install -y samba

2、配置防火牆和Selinux,不然windows沒法訪問,在生產環境通常防火牆都不會關閉數據庫

[root@localhost ~]# systemctl status firewalld        #通常狀況下默認是開的,若是關閉,就啓動一下
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-04-08 09:40:24 EDT; 2h 11min ago
     Docs: man:firewalld(1)
 Main PID: 4711 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─4711 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Apr 08 09:51:09 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).
Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.
Hint: Some lines were ellipsized, use -l to show in full.

[root@localhost ~]# firewall-cmd --add-service samba --permanent
success

[root@localhost ~]# firewall-cmd --reload    #重啓防火牆
success

[root@localhost ~]# firewall-cmd --list-all|grep samba    #確認是否加策略成功
  services: ssh dhcpv6-client samba

關閉Selinux,不然windows客戶端鏈接不上samba
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled

[root@localhost ~]# setenforce 0    
[root@localhost ~]# getenforce 
Permissive

3、Samba服務器的配置vim

[root@localhost samba]# cp /etc/samba/smb.conf /etc/samba/smb.conf_bak_20190426
[root@localhost samba]# cat /etc/samba/smb.conf
[global]                                    #全局配置
        workgroup = SAMBA
        security = user  #安全驗證的方式
#一、share 來訪主機無需驗證口令,比較方便,可是安全性較差,如今新版本限制使用,若是使用沒法啓動服務
#二、user 須要驗證來訪主機提供的口令才能訪問 #三、使用獨立的遠程主機驗證來驗證提供的口令
#四、domain使用域控制器進行身份驗證
passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @printadmin root force group = @printadmin create mask = 0664 directory mask = 0775 [database] #共享名稱,也是文件夾的標識,配置了多少個,登錄的時候就會顯示多少文件夾 comment=do not modify it all will #對該共享的描述,隨意本身定義 path=/home/database #該共享的路徑 public=no #是否對全部人共享 writeable=yes #容許寫入操做 !!!若是是拷貝配置的話,去掉漢字,不然smb服務沒法啓動 [root@localhost samba]# systemctl restart smb

四、訪問方式1、任何人均可以匿名訪問,能夠增刪改查windows

[root@localhost home]# chmod 777 database/

[root@localhost database]# vim /etc/samba/smb.conf
[global]
        workgroup = SAMBA
        security = user
        map to guest = Bad User
        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775
[database]
        comment=do not modify it all will
        path=/home/database
        public = yes
        writeable=yes
        guest ok = yes

 這中方法謹慎使用,由於存在很大的安全因素,若是別人不當心刪除或者修改文件,咱們就沒法恢復了。安全

有的時候經過IP訪問,時間久了或者其餘緣由很容易忘記,這時候配一個內網的DNS可以有效的解決這個二問題,下面演示如何配置DNS訪問咱們的服務器bash

一、先給服務器配置上DNS解析,假如用開發組來命名
[root@localhost ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.1.19 devops
~      
[root@localhost ~]# ping -c 4 devops
PING devops (192.168.1.19) 56(84) bytes of data.
64 bytes from devops (192.168.1.19): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from devops (192.168.1.19): icmp_seq=2 ttl=64 time=0.122 ms
64 bytes from devops (192.168.1.19): icmp_seq=3 ttl=64 time=0.125 ms
64 bytes from devops (192.168.1.19): icmp_seq=4 ttl=64 time=0.121 ms

--- devops ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 0.045/0.103/0.125/0.034 ms
 
測試內網是沒有問題,而後配置windows的hosts

C:\Windows\System32\drivers\etc        #個人電腦是在這個路徑下

127.0.0.1       localhost
192.168.1.19 devops  #加上這個配置

 

測試OK,咱們就能夠經過 \\devops 去訪問咱們的服務器服務器

 

訪問方式2、經過帳號密碼訪問,在Centos7中,Samba服務默認的用戶認證模式(user)網絡

可是隻有創建信息數據庫以後才能使用用戶口令認證模式,dom

pdbedit命令用於管理SMB服務程序的帳戶信息數據庫,語法格式爲 pdbedit [選項] 帳戶 

-a  -u   用戶名 創建samba帳戶
-x  -u  用戶名 刪除samba帳戶
-L 列出帳戶列表
-Lv 列出帳戶詳細信息的列表
這裏咱們經過root去訪問,那你也能夠用其餘帳號去訪問
[root@localhost ~]# id root
uid=0(root) gid=0(root) groups=0(root)

[root@localhost ~]# pdbedit -a -u root
new password:
retype new password:
Unix username:        root
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-683895756-2385326933-4243325015-1000
Primary Group SID:    S-1-5-21-683895756-2385326933-4243325015-513
Full Name:            root
Home Directory:       \\localhost\root
HomeDir Drive:        
Logon Script:         
Profile Path:         \\localhost\root\profile
Domain:               LOCALHOST
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 10:06:39 EST
Kickoff time:         Wed, 06 Feb 2036 10:06:39 EST
Password last set:    Mon, 08 Apr 2019 16:51:45 EDT
Password can change:  Mon, 08 Apr 2019 16:51:45 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 

在使用用戶名密碼訪問時,需將全局配置裏面map to guest註釋掉

# map to guest = Bad User

[root@localhost ~]# systemctl restart smb
相關文章
相關標籤/搜索