3. Samba Services

Four main services
. authentication and authorization of users
. file and printer sharing
. name resolution
. browsing

related
. smbclient
. mount a SMB/CIFS share using the 'cifs' file system

Packages: samba, samba-common, samba-client, samba-config-samba
Daemons: /usr/sbin/nmbd, /usr/sbin/smbd
Scripts: /etc/init.d/smb
Ports: tcp 445(ds), tcp 139, udp 137, udp 138
Configuration: /etc/samba/*
Related: testparm(語法檢測) , ip_conntrack_netbios_ns

(1)安裝及啟動
#yum install samba samba-common samba-client samba-config-samba
#service smb start
#chkconfig smb on

(2)設定

SELinux設定
查詢
[root@server118 ~]# getsebool -a |grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_share_nfs --> off
use_samba_home_dirs --> off

設定: 允許user可以使用家目錄/home/*
#setsebool -P samba_enable_home_dirs on
[root@server118 ~]# getsebool -a |grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_share_nfs --> off
use_samba_home_dirs --> off

開放Firewall ports: iptables
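# Samba firewall openings, accepted only from the 192.168.0.0/24 LAN.
# NetBIOS name service (137) and datagram service (138) use UDP, so a
# "-p tcp" rule never matches them; NetBIOS session service (139) and
# SMB over TCP / microsoft-ds (445) use TCP.
iptables -t filter -A CLASS-RULES -m state --state NEW -p udp --dport 137 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p udp --dport 138 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p tcp --dport 139 -s 192.168.0.0/24 -j ACCEPT
iptables -t filter -A CLASS-RULES -m state --state NEW -p tcp --dport 445 -s 192.168.0.0/24 -j ACCEPT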

#vi /etc/samba/smb.conf
[global]

# ----------------------- Network Related Options -------------------------
---略---
#edit (修改group name, netbios name, hosts allow(允許192.168.0. 網段)
workgroup = EXAMPLE
server string = Samba Server Version %v
netbios name = server118
hosts allow = 127. 192.168.0.
---略---
# ----------------------- Standalone Server Options ------------------------
#edit (把註解拿掉)
security = user
passdb backend = tdbsam
---略---
#============================ Share Definitions ==============================
---略---
[homes](不變動, 沒有path的原因, 會依登入使用者進入自己的家目錄)
comment = Home Directories
browseable = no
writeable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
---略---
# A publicly accessible directory, but read only, except for people in
[legal]
comment = Samba legal's files
#create new group: legal , 將allow users加入group
#create mask 0660: 屬於group的users都有rw的權限
#chmod 3770 /home/samba, 給予群組權限(rwx). 並禁止刪除別人的檔案(T)
#chgrp legal /home/samba, 指定group: legal
#修改正確selinux指紋
#(1)share(/home/samba)目錄
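#chcon -t samba_share_t /home/samba
#(注意: chcon 設定的 context 在 restorecon 或 relabel 後會被還原; 若要永久保留, 先執行 semanage fcontext -a -t samba_share_t '/home/samba(/.*)?' 再執行 restorecon -R /home/samba)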
#(2)家目錄(home)
#chcon -t user_home_dir_t /home/samba 或 restorecon -R /home/samba (會修改為user_home_dir_t )
path = /home/samba
public = no
writable = yes
printable = no
write list = @legal
create mask = 0660
---略---


設定user, group, smbpasswd
%useradd: karl, joe, mary
%groupadd: legal
%smbpasswd -a $user

#Scripts
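# Create the Unix accounts first, then register each one in Samba's
# password database. The supplementary group "legal" must already exist
# (groupadd legal); useradd -G fails for a group that does not exist.
for user in karl joe mary; do
  # -s /sbin/nologin: no interactive shell login for these accounts.
  useradd -G legal -s /sbin/nologin "$user"
done

for user in karl joe mary; do
  printf 'Adding %s to the smbpasswd file...\n' "$user"
  # smbpasswd -a prompts for the new SMB password, so nothing secret is
  # placed on the command line.
  smbpasswd -a "$user"
done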

重新啟動
#service smb restart

(3)測試
[root@server1 ~]# smbclient -L server118 -N
Anonymous login successful
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.0.28-0.el5.8]

Sharename Type Comment
--------- ---- -------
legal Disk Samba legal's files
IPC$ IPC IPC Service (Samba Server Version 3.0.28-0.el5.8)
Anonymous login successful
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 3.0.28-0.el5.8]

Server Comment
--------- -------
SERVER118 Samba Server Version 3.0.28-0.el5.8

Workgroup Master
--------- -------
EXAMPLE SERVER118

%登入家目錄
[root@server1 ~]# smbclient //server118/homes -U joe
Password:
Domain=[SERVER118] OS=[Unix] Server=[Samba 3.0.28-0.el5.8]
smb: \> pwd
Current directory is \\server118\homes\
smb: \>

smb: \> ls
. D 0 Sun Jul 26 18:55:06 2009
.. D 0 Sun Jul 26 18:10:52 2009
f5.joe.uid 0 Sun Jul 26 18:55:06 2009
.bash_profile H 176 Sun Jul 26 17:51:23 2009
.mozilla DH 0 Sun Jul 26 17:51:23 2009
.bashrc H 124 Sun Jul 26 17:51:23 2009
f1.joe 0 Sun Jul 26 18:03:48 2009
iptables_rule A 1621 Sun Jul 26 18:35:22 2009
f2.joe 0 Sun Jul 26 18:03:51 2009
.bash_logout H 33 Sun Jul 26 17:51:23 2009
f4.joe.client 0 Sun Jul 26 18:50:41 2009
.emacs H 515 Sun Jul 26 17:51:23 2009
f3.joe.client 0 Sun Jul 26 18:50:30 2009

smb: \> del f2.joe (家目錄有權限)
smb: \> dir
. D 0 Mon Jul 27 00:30:52 2009
.. D 0 Sun Jul 26 18:10:52 2009
f5.joe.uid 0 Sun Jul 26 18:55:06 2009
.bash_profile H 176 Sun Jul 26 17:51:23 2009
.mozilla DH 0 Sun Jul 26 17:51:23 2009
.bashrc H 124 Sun Jul 26 17:51:23 2009
f1.joe 0 Sun Jul 26 18:03:48 2009
iptables_rule A 1621 Sun Jul 26 18:35:22 2009
.bash_logout H 33 Sun Jul 26 17:51:23 2009
f4.joe.client 0 Sun Jul 26 18:50:41 2009
.emacs H 515 Sun Jul 26 17:51:23 2009
f3.joe.client 0 Sun Jul 26 18:50:30 2009


%登入legal目錄
[root@server1 ~]# smbclient //server118/legal -U joe
Password:
Domain=[SERVER118] OS=[Unix] Server=[Samba 3.0.28-0.el5.8]
smb: \> ls
. D 0 Sun Jul 26 19:11:42 2009
.. D 0 Sun Jul 26 18:10:52 2009
f2.public.samba 0 Sun Jul 26 18:27:26 2009
joe.dir D 0 Sun Jul 26 19:09:40 2009
install.log 31854 Sun Jul 26 19:11:42 2009
f1.public.samba 0 Sun Jul 26 18:27:17 2009

smb: \> del f2.public.samba (不允許砍其他user的檔案)
NT_STATUS_ACCESS_DENIED deleting remote file \f2.public.samba
smb: \> rmdir joe.dir (可以砍自己建立的檔案)
smb: \> ls
. D 0 Mon Jul 27 00:34:08 2009
.. D 0 Sun Jul 26 18:10:52 2009
f2.public.samba 0 Sun Jul 26 18:27:26 2009
install.log 31854 Sun Jul 26 19:11:42 2009
f1.public.samba 0 Sun Jul 26 18:27:17 2009

%mount
[root@server1 ~]# mount //server118/legal /mnt/samba -o user=joe
Password: (須要問密碼)
[root@server1 ~]# mount
---略---
//server118/legal on /mnt/samba type cifs (rw,mand)

%若開機要自動mount, 須寫入/etc/fstab
//server118/homes /mnt/samba cifs username=joe,uid=joe 0 0
(以上/etc/fstab的寫法很差,會問密碼..開機會卡住..考試會0(鴨蛋)分喔)

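%較佳寫法 (注意: cred.txt 內的密碼是明文, 檔案須限制為只有 root 可讀: chown root:root /etc/samba/cred.txt; chmod 600 /etc/samba/cred.txt)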
[root@server1 ~]# cat /etc/samba/cred.txt
username=joe
password=joe

#vi /etc/fstab
//server118/homes /mnt/samba cifs defaults,credentials=/etc/samba/cred.txt 0 0

%pdbedit (manage the SAM database)
%查現有smb users
#pdbedit -L

%新增smb user
#pdbedit -au student

%刪除smb user
#pdbedit -xu student


