Samba
Samba是在Linux和UNIX系統上實現SMB協議的一個免費軟件,由服務器及客戶端程序構成。SMB(Server Messages Block,信息服務塊)是一種在局域網上共享文件和打印機的一種通訊協議,它爲局域網內的不一樣計算機之間提供文件及打印機等資源的共享服務。SMB協議是客戶機/服務器型協議,客戶機經過該協議能夠訪問服務器上的共享文件系統、打印機及其餘資源。linux
一、安裝
# yum install -y samba samba-clientios
# rpm -qa | grep samba
samba-common-libs-4.9.1-6.el7.x86_64
samba-client-4.9.1-6.el7.x86_64
samba-client-libs-4.9.1-6.el7.x86_64
samba-libs-4.9.1-6.el7.x86_64
samba-4.9.1-6.el7.x86_64
samba-common-4.9.1-6.el7.noarch
samba-common-tools-4.9.1-6.el7.x86_64數據庫
二、經常使用命令
1.systemctl status smb #查看smd服務的狀態 2.systemctl start smb #運行smb服務 3.systemctl stop smb #中止服務 4.systemctl restart smb #重啓服務,但在實際中通常不採用 5.systemctl reload smb #重載服務,在實際中較經常使用,不用中止服務
三、配置
# cat /etc/samba/smb.confvim
[global] #定義全局策略
workgroup = SAMBA #定義工做組
security = user #安全等級,有四種瀏覽器
#share: 用戶不須要賬號密碼便可登陸samba服務器安全
#user : 由提供服務的samba服務器負責檢查帳戶及密碼(默認)服務器
#server :檢查賬號密碼的工做由另外Windows或samba服務器負責dom
#domain : 指定Windows域控制服務器來驗證用戶的帳戶及密碼svn
passdb backend = tdbsam #用戶後臺,有三種工具
#smbpasswd : 使用smb工具smbpasswd給系統用戶設置一個samba密碼,客戶端就用此密碼訪問samba 資源。smbpasswd在/etc/samba中,有時須要手動建立該文件。
#tdbsam : 使用數據庫文件建立用戶數據庫。數據庫文件叫passdb.tdb,在/etc/samba中。passdb.tdb可以使用smbpasswd -a建立samba用戶,要建立的samba用戶必須是系統用戶。也可以使用pdbedit建立samba帳戶。pdbedit參數不少。列出幾個重要的:
#pdbedit -a username :新建用戶
#pdbedit -x username :刪除用戶
#pdbedit -L :列出用戶列表,讀取passdb.tdb數據庫文件
#pdbedit -Lv : 列出用戶列表詳細信息
#pdbedit -c "[D]" -u username : 暫停該用戶賬號
#pdbedit -c "[]" -u username : 恢復該用戶賬號
# ldapsam:基於LDAP賬號管理方式驗證用戶。首先要創建LDAP服務,設置「passdb backend = ldapsam:ldap://LDAP Server」
printing = cups
printcap name = cups
load printers = yes #客戶端在10分鐘內沒有打開任何Samba資源,
#服務器將自動關閉回話。
cups options = raw #打印屬性
[homes] #共享名稱
comment = Home Directories #註釋,共享的描述信息
valid users = %S, %D%w%S #容許訪問該共享的用戶
browseable = No #共享目錄是否能夠被瀏覽
read only = No
inherit acls = Yes
[printers] #設置打印機共享
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
四、實例
*實驗前,關閉selinux和iptables
# systemctl stop firewalld
# setenforce 0
一、共享一個目錄,任何人均可以訪問,即不用輸入密碼便可訪問,要求只讀
vim samba的配置文件/etc/samba/smb.conf
# cp smb.conf smb.conf.bak
# cat smb.conf
[global]
workgroup = WORKGROUP
security = share
passdb backend = tdbsam
[public]
comment = share all
path = /pubil
browseable = yes
public = yes
writable = Yes
報錯了,不能用security = share,改配置
# cat /etc/samba/smb.conf
[global]
workgroup = testgroup
server string = this is test Samba Server Version %v
netbios name = testserver
log file = /var/log/samba/log.%m
max log size = 50
security = user
map to guest =Bad User
[public]
comment = Public Stuff
path = /public
public = yes
writable = yes
printable = no
write list = +staff
測試配置是否正確
# touch /public/test.txt
# testparm smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
若是沒有錯誤,則在你的Windows機器上的瀏覽器輸入file://IP/public看是否可以訪問
二、共享一個目錄,使用賬號和密碼登陸後才能夠訪問,要求能夠讀寫。
打開samba的配置文件/etc/samba/smb.conf
# vim /etc/samba/smb.conf
[global]
workgroup = testgroup
server string = this is test Samba Server Version %v
netbios name = testserver
log file = /var/log/samba/log.%m
max log size = 50
security = user
map to guest =Bad User
passdb backend = tdbsam #用戶後臺管理
[public]
comment = Public Stuff
path = /public
public = yes
writable = yes
printable = no
write list = +staff
#新增一個共享項目
[myshare]
comment = share for users
path = /samba
browseable = yes
writeable = yes
public = no
保存配置文件,建立目錄
# mkdir /samba
# chmod 777 /samba/
添加用戶。由於在[globa]中「passdb backend = tdbsam」,因此要用「pdbedit」來增長用戶,注意添加的用戶必須在系統中存在。
# useradd user1
# useradd user2
# pdbedit -a user1
# pdbedit -a user2
# pdbedit -L
user1:1004:
user2:1005:
測試
# testparm /etc/samba/smb.conf
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
Processing section "[public]"
Processing section "[myshare]"
aded services file OK.
瀏覽器輸入file://IP/myshare/ 而後輸入用戶名和密碼,新建個文檔
# ll /samba/
total 4
-rwxr--r--. 1 user1 user1 0 Oct 8 12:14 新建文本文檔.txt
報錯
啓動smb服務,報錯Failed to start Samba SMB Daemon.
[root@svn samba]# systemctl status smb.service ● smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2019-09-30 03:24:49 CST; 8min ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Process: 2130 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 2130 (code=exited, status=1/FAILURE) Sep 30 03:24:49 svn systemd[1]: Starting Samba SMB Daemon... Sep 30 03:24:49 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:49 svn systemd[1]: Failed to start Samba SMB Daemon. Sep 30 03:24:49 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:49 svn systemd[1]: smb.service failed.
用journalctl -xe來查詢服務啓動失敗的緣由
「WARNING: Ignoring invalid value 'share' for parameter 'security'」
[root@svn samba]# journalctl -xe -- Subject: Unit smb.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has begun starting up. Sep 30 03:24:09 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:09 svn systemd[1]: Failed to start Samba SMB Daemon. -- Subject: Unit smb.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has failed. -- -- The result is failed. Sep 30 03:24:09 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:09 svn systemd[1]: smb.service failed. Sep 30 03:24:09 svn polkitd[778]: Unregistered Authentication Agent for unix-process:2117:2328615 (system bus nam Sep 30 03:24:49 svn polkitd[778]: Registered Authentication Agent for unix-process:2124:2332573 (system bus name Sep 30 03:24:49 svn systemd[1]: Starting Samba SMB Daemon... -- Subject: Unit smb.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has begun starting up. Sep 30 03:24:49 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:49 svn systemd[1]: Failed to start Samba SMB Daemon. -- Subject: Unit smb.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has failed. -- -- The result is failed. Sep 30 03:24:49 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:49 svn systemd[1]: smb.service failed. Sep 30 03:24:49 svn polkitd[778]: Unregistered Authentication Agent for unix-process:2124:2332573 (system bus nam [root@svn samba]# [root@svn samba]# [root@svn samba]# testparm smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Load smb config files from smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Error loading services. [root@svn samba]#
用testparm測試smb.conf是否正確
[root@svn samba]# testparm smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Load smb config files from smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Error loading services.
WARNING: Ignoring invalid value 'share' for parameter 'security'
經查,配置samba服務器,中加入了security=share,可是testparm輸出的信息裏沒有這一條,客戶機也沒法訪問
security=share在新版中已經被廢棄了
把security = share改成 security = user map to guest = Bad User
就能夠了。